Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1530694
MD5:9ca76584366a4a0a5fc35324672f22af
SHA1:b22c6cd8e976b11e67b548d4df93f8253cf53a20
SHA256:3289ba8ea3f0dad99f413df7fef1b6d18063978d4ad49f9526347aaa093166b7
Tags:exeuser-Bitsight
Infos:

Detection

LummaC
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for domain / URL
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 2412 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 9CA76584366A4A0A5FC35324672F22AF)
  • cleanup

Malware Configuration

Threatname: LummaC

{"C2 url": ["mobbipenju.store", "spirittunek.store", "dissapoiznw.store", "licendfilteo.site", "studennotediw.store", "bathdoomgaz.store", "eaglepawnoy.store", "clearancek.site"], "Build id": "4SD0y4--legendaryy"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
decrypted.memstrJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security

    Sigma Signatures

    No Sigma rule has matched

    Suricata Signatures

    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-10T12:05:07.031541+020020546531A Network Trojan was detected192.168.2.549707172.67.206.204443TCP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-10T12:05:07.031541+020020498361A Network Trojan was detected192.168.2.549707172.67.206.204443TCP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-10T12:05:04.630209+020020564771Domain Observed Used for C2 Detected192.168.2.5605111.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-10T12:05:04.570327+020020564711Domain Observed Used for C2 Detected192.168.2.5611911.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-10T12:05:04.608524+020020564811Domain Observed Used for C2 Detected192.168.2.5504791.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-10T12:05:04.597318+020020564831Domain Observed Used for C2 Detected192.168.2.5625831.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-10T12:05:04.653882+020020564731Domain Observed Used for C2 Detected192.168.2.5616151.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-10T12:05:04.585746+020020564851Domain Observed Used for C2 Detected192.168.2.5631541.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-10T12:05:04.642129+020020564751Domain Observed Used for C2 Detected192.168.2.5571611.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-10T12:05:04.619284+020020564791Domain Observed Used for C2 Detected192.168.2.5585351.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-10T12:05:05.962829+020028586661Domain Observed Used for C2 Detected192.168.2.549706104.102.49.254443TCP

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Antivirus / Scanner detection for submitted sample
    Source: file.exeAvira: detected
    Antivirus detection for URL or domain
    Source: https://steamcommunity.com/profiles/76561199724331900URL Reputation: Label: malware
    Source: https://steamcommunity.com/profiles/76561199724331900/inventory/URL Reputation: Label: malware
    Found malware configuration
    Source: file.exe.2412.0.memstrminMalware Configuration Extractor: LummaC {"C2 url": ["mobbipenju.store", "spirittunek.store", "dissapoiznw.store", "licendfilteo.site", "studennotediw.store", "bathdoomgaz.store", "eaglepawnoy.store", "clearancek.site"], "Build id": "4SD0y4--legendaryy"}
    Multi AV Scanner detection for domain / URL
    Source: sergei-esenin.comVirustotal: Detection: 16%Perma Link
    Source: eaglepawnoy.storeVirustotal: Detection: 18%Perma Link
    Source: spirittunek.storeVirustotal: Detection: 18%Perma Link
    Source: mobbipenju.storeVirustotal: Detection: 17%Perma Link
    Source: bathdoomgaz.storeVirustotal: Detection: 17%Perma Link
    Source: clearancek.siteVirustotal: Detection: 17%Perma Link
    Source: studennotediw.storeVirustotal: Detection: 17%Perma Link
    Source: dissapoiznw.storeVirustotal: Detection: 17%Perma Link
    Source: licendfilteo.siteVirustotal: Detection: 15%Perma Link
    Source: studennotediw.storeVirustotal: Detection: 17%Perma Link
    Source: dissapoiznw.storeVirustotal: Detection: 17%Perma Link
    Source: eaglepawnoy.storeVirustotal: Detection: 18%Perma Link
    AI detected suspicious sample
    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
    Machine Learning detection for sample
    Source: file.exeJoe Sandbox ML: detected
    Sample uses string decryption to hide its real strings
    Source: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmpString decryptor: clearancek.site
    Source: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmpString decryptor: licendfilteo.site
    Source: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmpString decryptor: spirittunek.store
    Source: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmpString decryptor: bathdoomgaz.store
    Source: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmpString decryptor: studennotediw.store
    Source: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmpString decryptor: dissapoiznw.store
    Source: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmpString decryptor: eaglepawnoy.store
    Source: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmpString decryptor: mobbipenju.store
    Source: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmpString decryptor: clearancek.site
    Source: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmpString decryptor: lid=%s&j=%s&ver=4.0
    Source: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmpString decryptor: TeslaBrowser/5.5
    Source: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Screen Resoluton:
    Source: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Physical Installed Memory:
    Source: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmpString decryptor: Workgroup: -
    Source: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmpString decryptor: 4SD0y4--legendaryy
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.5:49706 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.5:49707 version: TLS 1.2
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_0070D110
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_0070D110
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh0_2_007463B8
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00745700
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 27BAF212h0_2_0074695B
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh0_2_007499D0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+04h]0_2_0070FCA0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-10h]0_2_00710EEC
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h0_2_00744040
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then dec ebx0_2_0073F030
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+20h]0_2_00716F91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ecx, dword ptr [edx]0_2_00701000
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx0_2_00746094
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+0Ch]0_2_0072D1E1
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], dx0_2_00722260
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [esi], ax0_2_00722260
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_007142FC
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ebp, eax0_2_0070A300
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_007323E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_007323E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_007323E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [edi], al0_2_007323E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_007323E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+14h]0_2_007323E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+0Ch]0_2_0072C470
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_0071D457
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx eax, word ptr [esi+ecx]0_2_00741440
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esp], 00000000h0_2_0071B410
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_0072E40C
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh0_2_007464B8
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_00716536
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh0_2_00747520
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_00729510
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [ecx+esi+25h]0_2_00708590
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_0072E66A
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [edx]0_2_0073B650
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, word ptr [edi+eax]0_2_00747710
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+08h]0_2_007467EF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_0072D7AF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], dx0_2_007228E9
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h0_2_0071D961
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h0_2_00743920
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esi+edi]0_2_007049A0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esi+ebx]0_2_00705A50
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h0_2_00744A40
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00711A3C
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00711ACD
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh0_2_00749B60
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+000006B8h]0_2_0071DB6F
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h0_2_0071DB6F
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_00713BE2
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+40h]0_2_00711BEE
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]0_2_00730B80
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [eax+esi+02h], 0000h0_2_0072EC48
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], A70A987Fh0_2_0073FC20
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h0_2_00727C00
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00749CE0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh0_2_00749CE0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h0_2_0072CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_0072CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h0_2_0072CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_0072AC91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [edx], ax0_2_0072AC91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_0072DD29
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh0_2_0072FD10
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00748D8A
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00725E70
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_00727E60
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, word ptr [ecx]0_2_0072AE57
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov edi, ecx0_2_00714E2A
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, word ptr [ebp+00h]0_2_0070BEB0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp byte ptr [ebx], 00000000h0_2_00716EBF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edi, byte ptr [ecx+esi]0_2_00706EA0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+40h]0_2_00711E93
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_0073FF70
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00729F62
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx0_2_00708FD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx0_2_00745FD6
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [edx], 0000h0_2_0071FFDF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h0_2_00747FC0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00747FC0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+20h]0_2_00716F91

    Networking

    barindex
    Suricata IDS alerts for network traffic
    Source: Network trafficSuricata IDS: 2056483 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) : 192.168.2.5:62583 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056477 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) : 192.168.2.5:60511 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056479 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) : 192.168.2.5:58535 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056471 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) : 192.168.2.5:61191 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056475 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) : 192.168.2.5:57161 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056485 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) : 192.168.2.5:63154 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056473 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) : 192.168.2.5:61615 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056481 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) : 192.168.2.5:50479 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.5:49706 -> 104.102.49.254:443
    Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49707 -> 172.67.206.204:443
    Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49707 -> 172.67.206.204:443
    C2 URLs / IPs found in malware configuration
    Source: Malware configuration extractorURLs: mobbipenju.store
    Source: Malware configuration extractorURLs: spirittunek.store
    Source: Malware configuration extractorURLs: dissapoiznw.store
    Source: Malware configuration extractorURLs: licendfilteo.site
    Source: Malware configuration extractorURLs: studennotediw.store
    Source: Malware configuration extractorURLs: bathdoomgaz.store
    Source: Malware configuration extractorURLs: eaglepawnoy.store
    Source: Malware configuration extractorURLs: clearancek.site
    Source: Joe Sandbox ViewIP Address: 104.102.49.254 104.102.49.254
    Source: Joe Sandbox ViewIP Address: 172.67.206.204 172.67.206.204
    Source: Joe Sandbox ViewASN Name: AKAMAI-ASUS AKAMAI-ASUS
    Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
    Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sergei-esenin.com
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=f4e6b54f4f86c8f1989ddb9b; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type34837Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveThu, 10 Oct 2024 10:05:05 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control equals www.youtube.com (Youtube)
    Source: file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: global trafficDNS traffic detected: DNS query: clearancek.site
    Source: global trafficDNS traffic detected: DNS query: mobbipenju.store
    Source: global trafficDNS traffic detected: DNS query: eaglepawnoy.store
    Source: global trafficDNS traffic detected: DNS query: dissapoiznw.store
    Source: global trafficDNS traffic detected: DNS query: studennotediw.store
    Source: global trafficDNS traffic detected: DNS query: bathdoomgaz.store
    Source: global trafficDNS traffic detected: DNS query: spirittunek.store
    Source: global trafficDNS traffic detected: DNS query: licendfilteo.site
    Source: global trafficDNS traffic detected: DNS query: steamcommunity.com
    Source: global trafficDNS traffic detected: DNS query: sergei-esenin.com
    Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sergei-esenin.com
    Source: file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:27060
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/privacy_agreement/
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/subscriber_agreement/
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.valvesoftware.com/legal.htm
    Source: file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.akamai.steamstatic
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb
    Source: file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
    Source: file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://broadcast.st.dl.eccdnx.com
    Source: file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/
    Source: file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/
    Source: file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akam
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akam=S
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akama0Q
    Source: file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/pu
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/puQ
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=2Ih2WOq7ErXY&a
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/p
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp
    Source: file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
    Source: file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=engli
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascri
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=Gu9gs5hf
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=M7aU
    Source: file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isF
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&l=engl
    Source: file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDq
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&l=english
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_com
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
    Source: file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=IZH_ONwLX4kw&l=e
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_s
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=
    Source: file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
    Source: file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
    Source: file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
    Source: file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
    Source: file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
    Source: file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
    Source: file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
    Source: file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
    Source: file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
    Source: file.exe, 00000000.00000003.2081999136.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081775776.0000000001343000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/
    Source: file.exe, 00000000.00000003.2081775776.000000000132E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100358321.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081999136.0000000001383000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/api
    Source: file.exe, 00000000.00000002.2100236403.000000000132E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/api3
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100358321.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081999136.0000000001383000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/api;
    Source: file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
    Source: file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
    Source: file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
    Source: file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
    Source: file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
    Source: file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
    Source: file.exe, 00000000.00000002.2100236403.0000000001343000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081775776.0000000001343000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/Q
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/h
    Source: file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wish
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
    Source: file.exe, 00000000.00000002.2100236403.0000000001343000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081775776.0000000001343000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steam
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowe
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampower
    Source: file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
    Source: file.exe, 00000000.00000003.2081775776.0000000001361000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072046452.0000000001362000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100332469.0000000001365000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
    Source: file.exe, 00000000.00000003.2081775776.0000000001361000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072046452.0000000001362000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100332469.0000000001365000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f
    Source: file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/ne
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
    Source: file.exe, 00000000.00000003.2081775776.0000000001361000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072046452.0000000001362000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100332469.0000000001365000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://studennotediw.store/apiS
    Source: file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
    Source: file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
    Source: file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
    Source: file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
    Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
    Source: file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
    Source: file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
    Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.5:49706 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.5:49707 version: TLS 1.2

    System Summary

    barindex
    PE file contains section with special chars
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: .rsrc
    Source: file.exeStatic PE information: section name: .idata
    Source: file.exeStatic PE information: section name:
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007102280_2_00710228
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007440400_2_00744040
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007120300_2_00712030
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007DD0340_2_007DD034
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007010000_2_00701000
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0074A0D00_2_0074A0D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007051600_2_00705160
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008E410E0_2_008E410E
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007071F00_2_007071F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008DB1050_2_008DB105
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0070E1A00_2_0070E1A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007012F70_2_007012F7
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007382D00_2_007382D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007312D00_2_007312D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0070A3000_2_0070A300
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007323E00_2_007323E0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0070B3A00_2_0070B3A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007013A30_2_007013A3
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0072C4700_2_0072C470
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007F64080_2_007F6408
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007364F00_2_007364F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008E546C0_2_008E546C
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0071049B0_2_0071049B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007144870_2_00714487
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0071C5F00_2_0071C5F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007035B00_2_007035B0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008645490_2_00864549
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007085900_2_00708590
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007486520_2_00748652
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0070164F0_2_0070164F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0073F6200_2_0073F620
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007486F00_2_007486F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008D96700_2_008D9670
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007318600_2_00731860
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0070A8500_2_0070A850
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0073B8C00_2_0073B8C0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0073E8A00_2_0073E8A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007489A00_2_007489A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008E09540_2_008E0954
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0072098B0_2_0072098B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00744A400_2_00744A40
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00747AB00_2_00747AB0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00748A800_2_00748A80
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0071DB6F0_2_0071DB6F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00707BF00_2_00707BF0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008E8B1C0_2_008E8B1C
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00748C020_2_00748C02
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0072CCD00_2_0072CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008DCC460_2_008DCC46
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00746CBF0_2_00746CBF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007A6CA60_2_007A6CA6
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00865C660_2_00865C66
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00728D620_2_00728D62
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0072DD290_2_0072DD29
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0072FD100_2_0072FD10
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00748E700_2_00748E70
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0072AE570_2_0072AE57
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00714E2A0_2_00714E2A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00911E120_2_00911E12
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0070BEB00_2_0070BEB0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00716EBF0_2_00716EBF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0079FF220_2_0079FF22
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0070AF100_2_0070AF10
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00708FD00_2_00708FD0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00747FC00_2_00747FC0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007F4F990_2_007F4F99
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 0070CAA0 appears 48 times
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 0071D300 appears 152 times
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: file.exeStatic PE information: Section: ZLIB complexity 0.9994972153465347
    Source: file.exeStatic PE information: Section: bkzyowgo ZLIB complexity 0.9946315081039077
    Source: classification engineClassification label: mal100.troj.evad.winEXE@1/0@10/2
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00738220 CoCreateInstance,0_2_00738220
    Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: file.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
    Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\file.exeJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winhttp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: webio.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winnsi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: schannel.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mskeyprotect.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ncryptsslp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: dpapi.dllJump to behavior
    Source: file.exeStatic file information: File size 1900032 > 1048576
    Source: file.exeStatic PE information: Raw size of bkzyowgo is bigger than: 0x100000 < 0x1a6400

    Data Obfuscation

    barindex
    Detected unpacking (changes PE section rights)
    Source: C:\Users\user\Desktop\file.exeUnpacked PE file: 0.2.file.exe.700000.0.unpack :EW;.rsrc :W;.idata :W; :EW;bkzyowgo:EW;deoenquv:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;bkzyowgo:EW;deoenquv:EW;.taggant:EW;
    Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
    Source: file.exeStatic PE information: real checksum: 0x1d560f should be: 0x1d7787
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: .rsrc
    Source: file.exeStatic PE information: section name: .idata
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: bkzyowgo
    Source: file.exeStatic PE information: section name: deoenquv
    Source: file.exeStatic PE information: section name: .taggant
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00911088 push ecx; mov dword ptr [esp], ebx0_2_009110BB
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00911088 push 1113BB34h; mov dword ptr [esp], eax0_2_009110E1
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007DD034 push ebx; mov dword ptr [esp], edx0_2_007DD0FF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007DD034 push esi; mov dword ptr [esp], eax0_2_007DD10E
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007DD034 push edx; mov dword ptr [esp], edi0_2_007DD114
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007DD034 push 61F420E0h; mov dword ptr [esp], esp0_2_007DD17C
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007DD034 push 41627580h; mov dword ptr [esp], eax0_2_007DD1CA
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007DD034 push edx; mov dword ptr [esp], edi0_2_007DD26A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007DD034 push 24DCB739h; mov dword ptr [esp], edi0_2_007DD285
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007DD034 push edi; mov dword ptr [esp], 7E7E19CDh0_2_007DD289
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007DD034 push 795B245Bh; mov dword ptr [esp], eax0_2_007DD305
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009D30C1 push ebp; mov dword ptr [esp], 40B7DF80h0_2_009D3267
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009DB05C push 01AAD1A4h; mov dword ptr [esp], edi0_2_009DB065
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009DB05C push edi; mov dword ptr [esp], ebp0_2_009DB869
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0096905A push esi; mov dword ptr [esp], edx0_2_009690BE
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0094E069 push ecx; mov dword ptr [esp], 2DDCC1C5h0_2_0094E07A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0094E069 push ecx; mov dword ptr [esp], eax0_2_0094E0AE
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0094E069 push edi; mov dword ptr [esp], ebx0_2_0094E168
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0079C172 push 251335ECh; mov dword ptr [esp], eax0_2_0079C1DA
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0079C172 push 354EE8CDh; mov dword ptr [esp], eax0_2_0079C222
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0079C172 push edx; mov dword ptr [esp], 421358E1h0_2_0079C24B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009651AD push 51689985h; mov dword ptr [esp], ecx0_2_009651D9
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009861D9 push eax; mov dword ptr [esp], edx0_2_00986591
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009861D9 push 064BFE0Ah; mov dword ptr [esp], ebp0_2_0098659B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BC41D3 push ebx; mov dword ptr [esp], eax0_2_00BC4225
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008FC1F0 push eax; mov dword ptr [esp], edi0_2_008FDFDC
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008E410E push ebx; mov dword ptr [esp], 223B8900h0_2_008E416B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008E410E push ecx; mov dword ptr [esp], 5B932B78h0_2_008E41A5
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008E410E push ebx; mov dword ptr [esp], 09BD64B0h0_2_008E41F7
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008E410E push edx; mov dword ptr [esp], esp0_2_008E4205
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008E410E push edx; mov dword ptr [esp], ebp0_2_008E4260
    Source: file.exeStatic PE information: section name: entropy: 7.97935522499184
    Source: file.exeStatic PE information: section name: bkzyowgo entropy: 7.954782585789858

    Boot Survival

    barindex
    Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: RegmonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior

    Malware Analysis System Evasion

    barindex
    Tries to detect sandboxes / dynamic malware analysis system (registry check)
    Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
    Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
    Tries to detect virtualization through RDTSC time measurements
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8ED9D2 second address: 8ED9E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F71106F0266h 0x0000000a jmp 00007F71106F026Ah 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8DE34A second address: 8DE358 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 jp 00007F711103FB36h 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8F0132 second address: 8F01B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 pop eax 0x00000007 jmp 00007F71106F0275h 0x0000000c push 00000003h 0x0000000e mov cx, E9E7h 0x00000012 push 00000000h 0x00000014 sub dword ptr [ebp+122D2E85h], esi 0x0000001a push 00000003h 0x0000001c sub dword ptr [ebp+122D1857h], eax 0x00000022 push 9F6D0F20h 0x00000027 jp 00007F71106F0276h 0x0000002d jmp 00007F71106F0270h 0x00000032 xor dword ptr [esp], 5F6D0F20h 0x00000039 sub dword ptr [ebp+122D1E71h], eax 0x0000003f lea ebx, dword ptr [ebp+1245FF90h] 0x00000045 push 00000000h 0x00000047 push esi 0x00000048 call 00007F71106F0268h 0x0000004d pop esi 0x0000004e mov dword ptr [esp+04h], esi 0x00000052 add dword ptr [esp+04h], 00000014h 0x0000005a inc esi 0x0000005b push esi 0x0000005c ret 0x0000005d pop esi 0x0000005e ret 0x0000005f xchg eax, ebx 0x00000060 push eax 0x00000061 push edx 0x00000062 push eax 0x00000063 push edx 0x00000064 jnp 00007F71106F0266h 0x0000006a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8F01B9 second address: 8F01C3 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F711103FB36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8F022D second address: 8F0247 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71106F0276h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8F0247 second address: 8F0251 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F711103FB3Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8F0251 second address: 8F02ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 xor dword ptr [esp], 3A50ED44h 0x0000000d push 00000000h 0x0000000f push ebp 0x00000010 call 00007F71106F0268h 0x00000015 pop ebp 0x00000016 mov dword ptr [esp+04h], ebp 0x0000001a add dword ptr [esp+04h], 0000001Ah 0x00000022 inc ebp 0x00000023 push ebp 0x00000024 ret 0x00000025 pop ebp 0x00000026 ret 0x00000027 mov edx, 6EC451EDh 0x0000002c push 00000003h 0x0000002e mov cl, 3Bh 0x00000030 push 00000000h 0x00000032 and edx, dword ptr [ebp+122D2AECh] 0x00000038 push 00000003h 0x0000003a mov dword ptr [ebp+122D1BD4h], edi 0x00000040 push C79E2E80h 0x00000045 pushad 0x00000046 pushad 0x00000047 push esi 0x00000048 pop esi 0x00000049 push eax 0x0000004a pop eax 0x0000004b popad 0x0000004c push esi 0x0000004d push ecx 0x0000004e pop ecx 0x0000004f pop esi 0x00000050 popad 0x00000051 xor dword ptr [esp], 079E2E80h 0x00000058 jl 00007F71106F026Bh 0x0000005e jc 00007F71106F0276h 0x00000064 jmp 00007F71106F0270h 0x00000069 lea ebx, dword ptr [ebp+1245FF99h] 0x0000006f mov dword ptr [ebp+122D1BD4h], esi 0x00000075 xchg eax, ebx 0x00000076 push eax 0x00000077 push edx 0x00000078 jg 00007F71106F026Ch 0x0000007e jbe 00007F71106F0266h 0x00000084 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8F03BD second address: 8F03C3 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8F03C3 second address: 8F03C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8F03C9 second address: 8F03CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8F03CD second address: 8F047D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pop edi 0x0000000f nop 0x00000010 mov dword ptr [ebp+122D2E59h], ecx 0x00000016 push 00000000h 0x00000018 and ecx, dword ptr [ebp+122D2BC4h] 0x0000001e push 689B03D5h 0x00000023 jmp 00007F71106F0272h 0x00000028 xor dword ptr [esp], 689B0355h 0x0000002f pushad 0x00000030 jmp 00007F71106F0276h 0x00000035 mov edx, esi 0x00000037 popad 0x00000038 push 00000003h 0x0000003a mov dword ptr [ebp+122D1BD4h], edx 0x00000040 push 00000000h 0x00000042 mov dword ptr [ebp+122D22CFh], ecx 0x00000048 push 00000003h 0x0000004a mov ecx, dword ptr [ebp+122D29ECh] 0x00000050 call 00007F71106F0269h 0x00000055 jmp 00007F71106F0272h 0x0000005a push eax 0x0000005b jg 00007F71106F0278h 0x00000061 mov eax, dword ptr [esp+04h] 0x00000065 push eax 0x00000066 push edx 0x00000067 push eax 0x00000068 push edx 0x00000069 jnp 00007F71106F0266h 0x0000006f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8F047D second address: 8F0483 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8F0483 second address: 8F04A5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71106F0272h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e jnl 00007F71106F0266h 0x00000014 pop edi 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8F04A5 second address: 8F0501 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F711103FB3Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d jmp 00007F711103FB45h 0x00000012 pop eax 0x00000013 add esi, dword ptr [ebp+122D293Ch] 0x00000019 lea ebx, dword ptr [ebp+1245FFA4h] 0x0000001f push ecx 0x00000020 mov edi, dword ptr [ebp+122D2A58h] 0x00000026 pop edi 0x00000027 xchg eax, ebx 0x00000028 push eax 0x00000029 jmp 00007F711103FB45h 0x0000002e pop eax 0x0000002f push eax 0x00000030 push ebx 0x00000031 push ebx 0x00000032 push eax 0x00000033 push edx 0x00000034 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 902BD8 second address: 902C0E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71106F0275h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d jmp 00007F71106F0278h 0x00000012 pop edi 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 911970 second address: 911974 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 911974 second address: 91197A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91197A second address: 911982 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 911982 second address: 911986 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E4F75 second address: 8E4F86 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F711103FB3Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E4F86 second address: 8E4FA0 instructions: 0x00000000 rdtsc 0x00000002 je 00007F71106F0275h 0x00000008 jmp 00007F71106F026Fh 0x0000000d push ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 90F82B second address: 90F82F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 90F82F second address: 90F843 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnp 00007F71106F0266h 0x0000000e je 00007F71106F0266h 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 90F843 second address: 90F865 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F711103FB36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F711103FB44h 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 90F865 second address: 90F86B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 90FA1D second address: 90FA46 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F711103FB49h 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F711103FB3Ch 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 90FB7F second address: 90FBA0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jo 00007F71106F0266h 0x0000000d ja 00007F71106F0266h 0x00000013 push edx 0x00000014 pop edx 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 push esi 0x00000019 ja 00007F71106F0266h 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 90FBA0 second address: 90FBC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push esi 0x00000006 jmp 00007F711103FB44h 0x0000000b pop esi 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F711103FB3Ah 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 90FBC8 second address: 90FBD8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 popad 0x00000008 jbe 00007F71106F026Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 90FCEE second address: 90FD06 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F711103FB3Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 90FD06 second address: 90FD0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 90FD0A second address: 90FD0E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 90FE7E second address: 90FE86 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push edi 0x00000007 pop edi 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91055D second address: 9105A1 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F711103FB3Fh 0x00000008 jmp 00007F711103FB3Ch 0x0000000d pop edx 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jc 00007F711103FB38h 0x00000018 pushad 0x00000019 popad 0x0000001a jmp 00007F711103FB49h 0x0000001f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 910719 second address: 910735 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 jmp 00007F71106F026Ch 0x0000000d je 00007F71106F0266h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 910735 second address: 91073A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91073A second address: 910744 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91089C second address: 9108A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9109EA second address: 9109EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9109EE second address: 9109F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9109F4 second address: 910A02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d pop esi 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 911269 second address: 911282 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F711103FB41h 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 911282 second address: 911296 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71106F0270h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9155A9 second address: 9155AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9155AD second address: 9155B3 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9155B3 second address: 9155B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9155B9 second address: 9155BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9155BD second address: 9155CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9155CB second address: 9155D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9155D2 second address: 9155D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 916689 second address: 916699 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F71106F026Bh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 916699 second address: 9166C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b jnl 00007F711103FB45h 0x00000011 mov eax, dword ptr [eax] 0x00000013 push eax 0x00000014 push eax 0x00000015 push edx 0x00000016 jnc 00007F711103FB36h 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9166C4 second address: 9166DD instructions: 0x00000000 rdtsc 0x00000002 je 00007F71106F0266h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b mov dword ptr [esp+04h], eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push edi 0x00000012 je 00007F71106F0266h 0x00000018 pop edi 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91C4CD second address: 91C4DA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jng 00007F711103FB36h 0x00000009 push eax 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91C4DA second address: 91C4F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a jmp 00007F71106F0272h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91C4F8 second address: 91C4FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91B90D second address: 91B949 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71106F026Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jnp 00007F71106F0266h 0x00000010 pushad 0x00000011 popad 0x00000012 pop eax 0x00000013 push ebx 0x00000014 pushad 0x00000015 popad 0x00000016 pop ebx 0x00000017 jo 00007F71106F026Eh 0x0000001d jp 00007F71106F0266h 0x00000023 pushad 0x00000024 popad 0x00000025 popad 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a push edx 0x0000002b pop edx 0x0000002c je 00007F71106F0266h 0x00000032 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91B949 second address: 91B973 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F711103FB48h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jc 00007F711103FB3Eh 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91B973 second address: 91B978 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91B978 second address: 91B980 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91BAF0 second address: 91BB04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F71106F0270h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91BB04 second address: 91BB32 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F711103FB42h 0x00000007 jmp 00007F711103FB3Dh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e js 00007F711103FB55h 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91BD9A second address: 91BDA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91C041 second address: 91C047 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91C372 second address: 91C376 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91D7C5 second address: 91D7CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91D7CE second address: 91D7D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91D7D2 second address: 91D7D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91D884 second address: 91D8A2 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F71106F026Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 jp 00007F71106F0266h 0x00000017 pop eax 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91D8A2 second address: 91D8AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F711103FB36h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91D8AC second address: 91D8C9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71106F026Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [eax] 0x0000000d push eax 0x0000000e push edx 0x0000000f push edi 0x00000010 jnp 00007F71106F0266h 0x00000016 pop edi 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91D8C9 second address: 91D8E2 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F711103FB3Ch 0x00000008 jng 00007F711103FB36h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 push ebx 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91D8E2 second address: 91D8E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91DB67 second address: 91DB71 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F711103FB36h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91E516 second address: 91E538 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71106F0274h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push edx 0x0000000f pop edx 0x00000010 push edx 0x00000011 pop edx 0x00000012 popad 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91EAC4 second address: 91EAD1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91EAD1 second address: 91EAD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91EAD5 second address: 91EADF instructions: 0x00000000 rdtsc 0x00000002 jno 00007F711103FB36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91F029 second address: 91F08C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 jmp 00007F71106F0279h 0x0000000d nop 0x0000000e mov dword ptr [ebp+122D1BB8h], eax 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push 00000000h 0x0000001a push edx 0x0000001b call 00007F71106F0268h 0x00000020 pop edx 0x00000021 mov dword ptr [esp+04h], edx 0x00000025 add dword ptr [esp+04h], 00000014h 0x0000002d inc edx 0x0000002e push edx 0x0000002f ret 0x00000030 pop edx 0x00000031 ret 0x00000032 jmp 00007F71106F0270h 0x00000037 xchg eax, ebx 0x00000038 push ebx 0x00000039 pushad 0x0000003a jbe 00007F71106F0266h 0x00000040 push eax 0x00000041 push edx 0x00000042 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9215CC second address: 9215D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 924269 second address: 92427E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71106F026Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pushad 0x0000000e popad 0x0000000f pop ebx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 927246 second address: 92724A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9277C9 second address: 927838 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F71106F0266h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b js 00007F71106F0266h 0x00000011 pop ecx 0x00000012 popad 0x00000013 nop 0x00000014 push 00000000h 0x00000016 push edi 0x00000017 call 00007F71106F0268h 0x0000001c pop edi 0x0000001d mov dword ptr [esp+04h], edi 0x00000021 add dword ptr [esp+04h], 00000014h 0x00000029 inc edi 0x0000002a push edi 0x0000002b ret 0x0000002c pop edi 0x0000002d ret 0x0000002e mov ebx, dword ptr [ebp+122D1976h] 0x00000034 mov dword ptr [ebp+124616D0h], esi 0x0000003a push 00000000h 0x0000003c mov ebx, dword ptr [ebp+122D28F0h] 0x00000042 push 00000000h 0x00000044 je 00007F71106F0266h 0x0000004a xchg eax, esi 0x0000004b jmp 00007F71106F0278h 0x00000050 push eax 0x00000051 push esi 0x00000052 jng 00007F71106F026Ch 0x00000058 push eax 0x00000059 push edx 0x0000005a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 929734 second address: 929738 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 929738 second address: 92977D instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F71106F0266h 0x00000008 jmp 00007F71106F026Eh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push edi 0x00000010 jmp 00007F71106F0278h 0x00000015 ja 00007F71106F0266h 0x0000001b pop edi 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 jnl 00007F71106F0266h 0x00000027 pushad 0x00000028 popad 0x00000029 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 92977D second address: 929789 instructions: 0x00000000 rdtsc 0x00000002 je 00007F711103FB36h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 929789 second address: 92978F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 92978F second address: 929795 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 929795 second address: 929799 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 929799 second address: 92979F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 92AC8E second address: 92ACC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F71106F026Ch 0x0000000a popad 0x0000000b nop 0x0000000c sub ebx, 44763903h 0x00000012 push 00000000h 0x00000014 mov dword ptr [ebp+122D17F2h], ecx 0x0000001a push 00000000h 0x0000001c mov bx, cx 0x0000001f xchg eax, esi 0x00000020 push ebx 0x00000021 pushad 0x00000022 jmp 00007F71106F026Dh 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 929F0B second address: 929F13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 92ACC5 second address: 92ACD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a ja 00007F71106F0266h 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 92D2D6 second address: 92D34A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F711103FB49h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push edx 0x0000000f call 00007F711103FB38h 0x00000014 pop edx 0x00000015 mov dword ptr [esp+04h], edx 0x00000019 add dword ptr [esp+04h], 00000019h 0x00000021 inc edx 0x00000022 push edx 0x00000023 ret 0x00000024 pop edx 0x00000025 ret 0x00000026 and di, 4876h 0x0000002b push 00000000h 0x0000002d jmp 00007F711103FB3Ch 0x00000032 push 00000000h 0x00000034 mov bx, si 0x00000037 xchg eax, esi 0x00000038 push ecx 0x00000039 jg 00007F711103FB42h 0x0000003f pop ecx 0x00000040 push eax 0x00000041 push edi 0x00000042 push eax 0x00000043 push edx 0x00000044 push eax 0x00000045 push edx 0x00000046 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 92D34A second address: 92D34E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 92E1FF second address: 92E203 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 92E203 second address: 92E248 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 mov dword ptr [esp], eax 0x0000000a sub dword ptr [ebp+122D389Ch], ecx 0x00000010 mov bx, dx 0x00000013 push 00000000h 0x00000015 xor dword ptr [ebp+1248325Fh], ebx 0x0000001b push 00000000h 0x0000001d push 00000000h 0x0000001f push esi 0x00000020 call 00007F71106F0268h 0x00000025 pop esi 0x00000026 mov dword ptr [esp+04h], esi 0x0000002a add dword ptr [esp+04h], 00000019h 0x00000032 inc esi 0x00000033 push esi 0x00000034 ret 0x00000035 pop esi 0x00000036 ret 0x00000037 xchg eax, esi 0x00000038 push eax 0x00000039 push edx 0x0000003a push edx 0x0000003b pushad 0x0000003c popad 0x0000003d pop edx 0x0000003e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 92E248 second address: 92E252 instructions: 0x00000000 rdtsc 0x00000002 js 00007F711103FB3Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 92F481 second address: 92F487 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9311E9 second address: 931208 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 jmp 00007F711103FB43h 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 931208 second address: 93120C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 93120C second address: 931260 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 mov ebx, dword ptr [ebp+122D1D17h] 0x0000000e push 00000000h 0x00000010 adc bh, 00000020h 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push esi 0x00000018 call 00007F711103FB38h 0x0000001d pop esi 0x0000001e mov dword ptr [esp+04h], esi 0x00000022 add dword ptr [esp+04h], 00000015h 0x0000002a inc esi 0x0000002b push esi 0x0000002c ret 0x0000002d pop esi 0x0000002e ret 0x0000002f mov ebx, 59A44051h 0x00000034 push eax 0x00000035 pushad 0x00000036 jmp 00007F711103FB48h 0x0000003b push ebx 0x0000003c push eax 0x0000003d push edx 0x0000003e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 932343 second address: 9323DA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71106F0279h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push edx 0x0000000b mov edi, dword ptr [ebp+122D1A34h] 0x00000011 pop ebx 0x00000012 movzx edi, si 0x00000015 push 00000000h 0x00000017 push 00000000h 0x00000019 push edi 0x0000001a call 00007F71106F0268h 0x0000001f pop edi 0x00000020 mov dword ptr [esp+04h], edi 0x00000024 add dword ptr [esp+04h], 00000018h 0x0000002c inc edi 0x0000002d push edi 0x0000002e ret 0x0000002f pop edi 0x00000030 ret 0x00000031 mov edi, 335A3AE4h 0x00000036 sub bx, 0AE1h 0x0000003b push 00000000h 0x0000003d push 00000000h 0x0000003f push ebp 0x00000040 call 00007F71106F0268h 0x00000045 pop ebp 0x00000046 mov dword ptr [esp+04h], ebp 0x0000004a add dword ptr [esp+04h], 00000014h 0x00000052 inc ebp 0x00000053 push ebp 0x00000054 ret 0x00000055 pop ebp 0x00000056 ret 0x00000057 jno 00007F71106F026Fh 0x0000005d mov edi, dword ptr [ebp+122D1C2Ch] 0x00000063 push eax 0x00000064 push eax 0x00000065 push edx 0x00000066 jo 00007F71106F026Ch 0x0000006c jns 00007F71106F0266h 0x00000072 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9323DA second address: 9323E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 933474 second address: 93347A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 93347A second address: 933499 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F711103FB3Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e je 00007F711103FB3Ch 0x00000014 jnl 00007F711103FB36h 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 933499 second address: 93350D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F71106F026Bh 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d nop 0x0000000e or ebx, 389D8991h 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push ebp 0x00000019 call 00007F71106F0268h 0x0000001e pop ebp 0x0000001f mov dword ptr [esp+04h], ebp 0x00000023 add dword ptr [esp+04h], 00000014h 0x0000002b inc ebp 0x0000002c push ebp 0x0000002d ret 0x0000002e pop ebp 0x0000002f ret 0x00000030 pushad 0x00000031 mov bx, A849h 0x00000035 mov ecx, dword ptr [ebp+122D1DE8h] 0x0000003b popad 0x0000003c push 00000000h 0x0000003e jc 00007F71106F0283h 0x00000044 call 00007F71106F0276h 0x00000049 sub ebx, 5267E321h 0x0000004f pop edi 0x00000050 xchg eax, esi 0x00000051 jnc 00007F71106F0270h 0x00000057 push eax 0x00000058 push edx 0x00000059 push esi 0x0000005a pop esi 0x0000005b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 935187 second address: 93518B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 93518B second address: 935198 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F71106F0266h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 933614 second address: 93368A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push eax 0x0000000a jnp 00007F711103FB36h 0x00000010 pop eax 0x00000011 pop eax 0x00000012 nop 0x00000013 push 00000000h 0x00000015 push ecx 0x00000016 call 00007F711103FB38h 0x0000001b pop ecx 0x0000001c mov dword ptr [esp+04h], ecx 0x00000020 add dword ptr [esp+04h], 0000001Ah 0x00000028 inc ecx 0x00000029 push ecx 0x0000002a ret 0x0000002b pop ecx 0x0000002c ret 0x0000002d pushad 0x0000002e movsx edi, cx 0x00000031 popad 0x00000032 push dword ptr fs:[00000000h] 0x00000039 mov di, ax 0x0000003c mov dword ptr fs:[00000000h], esp 0x00000043 mov bh, ch 0x00000045 mov eax, dword ptr [ebp+122D06ADh] 0x0000004b pushad 0x0000004c sub esi, dword ptr [ebp+122D2A00h] 0x00000052 mov edi, ecx 0x00000054 popad 0x00000055 push FFFFFFFFh 0x00000057 add edi, 31B9F708h 0x0000005d push eax 0x0000005e push eax 0x0000005f push edx 0x00000060 pushad 0x00000061 jg 00007F711103FB36h 0x00000067 je 00007F711103FB36h 0x0000006d popad 0x0000006e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 93458E second address: 9345A1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71106F026Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 93819B second address: 93819F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9372F2 second address: 937313 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71106F0276h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 937313 second address: 937318 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 93921A second address: 93921E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9392AE second address: 9392C2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F711103FB40h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9392C2 second address: 9392CC instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F71106F026Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 93BEA0 second address: 93BEAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 je 00007F711103FB36h 0x0000000c popad 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E17E6 second address: 8E17F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F71106F0266h 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E17F4 second address: 8E181B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 jmp 00007F711103FB48h 0x0000000b pushad 0x0000000c popad 0x0000000d pop edi 0x0000000e pop eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E181B second address: 8E1830 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71106F0271h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9465BD second address: 9465C7 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F711103FB36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 94D924 second address: 94D928 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 94D928 second address: 94D957 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F711103FB41h 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jl 00007F711103FB42h 0x00000011 ja 00007F711103FB36h 0x00000017 jbe 00007F711103FB36h 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 push ecx 0x00000022 pop ecx 0x00000023 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 94D957 second address: 94D95D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 94E41D second address: 94E421 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 94E55E second address: 94E582 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 js 00007F71106F0266h 0x0000000d jmp 00007F71106F0277h 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 94E84F second address: 94E853 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 94E853 second address: 94E86A instructions: 0x00000000 rdtsc 0x00000002 jng 00007F71106F0266h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jp 00007F71106F0266h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 94E86A second address: 94E86E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 94E86E second address: 94E8A2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71106F0278h 0x00000007 jng 00007F71106F0266h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push edx 0x00000012 pop edx 0x00000013 jmp 00007F71106F026Eh 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 94E8A2 second address: 94E8A8 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 94E8A8 second address: 94E8C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F71106F0278h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 94EA18 second address: 94EA33 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F711103FB47h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 94EA33 second address: 94EA47 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F71106F026Ah 0x00000008 pushad 0x00000009 popad 0x0000000a push edi 0x0000000b pop edi 0x0000000c jg 00007F71106F0272h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 94EA47 second address: 94EA4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 94EA4D second address: 94EA70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007F71106F026Ch 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 pushad 0x00000014 jns 00007F71106F0266h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 94EA70 second address: 94EA87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 jmp 00007F711103FB40h 0x0000000b popad 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 94EA87 second address: 94EA99 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F71106F026Dh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 951F7E second address: 951FAC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F711103FB47h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007F711103FB3Dh 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8DAC36 second address: 8DAC46 instructions: 0x00000000 rdtsc 0x00000002 js 00007F71106F0272h 0x00000008 jo 00007F71106F0266h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 957A17 second address: 957A21 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F711103FB36h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 957A21 second address: 957A40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007F71106F0271h 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 pop esi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 957A40 second address: 957A44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 957A44 second address: 957A4E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 957A4E second address: 957A52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8DFD21 second address: 8DFD2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a pop esi 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8DFD2C second address: 8DFD3E instructions: 0x00000000 rdtsc 0x00000002 jp 00007F711103FB36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jng 00007F711103FB3Eh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9564BC second address: 9564C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9564C0 second address: 9564C6 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9564C6 second address: 9564CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9564CC second address: 9564D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9564D2 second address: 9564D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95692E second address: 956932 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 956932 second address: 95694E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F71106F0271h 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d push esi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 956D1A second address: 956D36 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F711103FB48h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 956D36 second address: 956D3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 956D3C second address: 956D46 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F711103FB42h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 956D46 second address: 956D4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 956EAC second address: 956EB1 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 956EB1 second address: 956EB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 956EB7 second address: 956EC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 956EC4 second address: 956EC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 956EC8 second address: 956EF3 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F711103FB36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F711103FB43h 0x00000010 jnc 00007F711103FB36h 0x00000016 jne 00007F711103FB36h 0x0000001c popad 0x0000001d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9069E5 second address: 9069EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F71106F0266h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9069EF second address: 9069F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9069F5 second address: 9069FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9069FB second address: 906A01 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 906A01 second address: 906A1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a jmp 00007F71106F026Fh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 906A1C second address: 906A46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007F711103FB41h 0x0000000c jmp 00007F711103FB3Ah 0x00000011 jo 00007F711103FB3Ch 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E3386 second address: 8E338A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E338A second address: 8E338E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95D747 second address: 95D74B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95D74B second address: 95D782 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F711103FB3Dh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jp 00007F711103FB51h 0x00000011 ja 00007F711103FB36h 0x00000017 jmp 00007F711103FB45h 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95D782 second address: 95D793 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F71106F0266h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95D793 second address: 95D797 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95C62F second address: 95C633 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95C633 second address: 95C655 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F711103FB44h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 popad 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95C655 second address: 95C65F instructions: 0x00000000 rdtsc 0x00000002 jl 00007F71106F0272h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95C65F second address: 95C686 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F711103FB36h 0x0000000a jmp 00007F711103FB44h 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 push eax 0x00000017 pop eax 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95C686 second address: 95C69E instructions: 0x00000000 rdtsc 0x00000002 jc 00007F71106F0266h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push esi 0x0000000c pop esi 0x0000000d jnc 00007F71106F0266h 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95C69E second address: 95C6A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95C9B0 second address: 95C9BA instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95C9BA second address: 95C9BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95CB34 second address: 95CB50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F71106F0274h 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95BFA2 second address: 95BFB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F711103FB41h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95CFBE second address: 95CFC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95D438 second address: 95D446 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pushad 0x00000006 popad 0x00000007 pop ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95D446 second address: 95D44A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 961924 second address: 96192E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F711103FB36h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 925392 second address: 9253A0 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9253A0 second address: 9253B3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F711103FB3Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9253B3 second address: 9253C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F71106F0271h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9253C8 second address: 92540B instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F711103FB36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d push ecx 0x0000000e mov edx, dword ptr [ebp+122D3887h] 0x00000014 pop edi 0x00000015 lea eax, dword ptr [ebp+12495126h] 0x0000001b jmp 00007F711103FB3Eh 0x00000020 nop 0x00000021 push ebx 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007F711103FB46h 0x00000029 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9254E2 second address: 9254E8 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 92585D second address: 925863 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 925863 second address: 925869 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 92598E second address: 925994 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 925994 second address: 925998 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 925998 second address: 763A71 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 jmp 00007F711103FB3Ch 0x0000000e push dword ptr [ebp+122D0F3Dh] 0x00000014 sub ecx, dword ptr [ebp+122D2C34h] 0x0000001a call dword ptr [ebp+122D20A8h] 0x00000020 pushad 0x00000021 jmp 00007F711103FB3Ah 0x00000026 jc 00007F711103FB55h 0x0000002c jg 00007F711103FB4Fh 0x00000032 xor eax, eax 0x00000034 cmc 0x00000035 mov edx, dword ptr [esp+28h] 0x00000039 cmc 0x0000003a mov dword ptr [ebp+122D2BC8h], eax 0x00000040 jmp 00007F711103FB3Bh 0x00000045 mov esi, 0000003Ch 0x0000004a jnp 00007F711103FB44h 0x00000050 pushad 0x00000051 mov eax, dword ptr [ebp+122D2C0Ch] 0x00000057 or dword ptr [ebp+122D1A09h], edx 0x0000005d popad 0x0000005e add esi, dword ptr [esp+24h] 0x00000062 mov dword ptr [ebp+122D1BDDh], edx 0x00000068 lodsw 0x0000006a jmp 00007F711103FB41h 0x0000006f add eax, dword ptr [esp+24h] 0x00000073 mov dword ptr [ebp+122D1BDDh], esi 0x00000079 mov ebx, dword ptr [esp+24h] 0x0000007d xor dword ptr [ebp+122D1BF6h], edx 0x00000083 push eax 0x00000084 jg 00007F711103FB42h 0x0000008a jns 00007F711103FB3Ch 0x00000090 push eax 0x00000091 push edx 0x00000092 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9259E4 second address: 9259E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 925B28 second address: 925B32 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F711103FB36h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 925B32 second address: 925B56 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jnp 00007F71106F0270h 0x0000000f xchg eax, esi 0x00000010 nop 0x00000011 push esi 0x00000012 jo 00007F71106F026Ch 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 925B56 second address: 925B6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 jmp 00007F711103FB3Bh 0x0000000e pop esi 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 925E78 second address: 925EE5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push eax 0x0000000e call 00007F71106F0268h 0x00000013 pop eax 0x00000014 mov dword ptr [esp+04h], eax 0x00000018 add dword ptr [esp+04h], 00000015h 0x00000020 inc eax 0x00000021 push eax 0x00000022 ret 0x00000023 pop eax 0x00000024 ret 0x00000025 xor dx, B6A8h 0x0000002a push 00000004h 0x0000002c push 00000000h 0x0000002e push edi 0x0000002f call 00007F71106F0268h 0x00000034 pop edi 0x00000035 mov dword ptr [esp+04h], edi 0x00000039 add dword ptr [esp+04h], 00000014h 0x00000041 inc edi 0x00000042 push edi 0x00000043 ret 0x00000044 pop edi 0x00000045 ret 0x00000046 mov edi, dword ptr [ebp+122D2A68h] 0x0000004c jg 00007F71106F0271h 0x00000052 nop 0x00000053 push eax 0x00000054 push edx 0x00000055 push esi 0x00000056 jng 00007F71106F0266h 0x0000005c pop esi 0x0000005d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 925EE5 second address: 925EEA instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9263E6 second address: 9263EC instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 961BF3 second address: 961C19 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F711103FB47h 0x0000000b pushad 0x0000000c jno 00007F711103FB36h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 925B45 second address: 925B56 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 xchg eax, esi 0x00000007 nop 0x00000008 push esi 0x00000009 jo 00007F71106F026Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9621C2 second address: 9621EB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F711103FB48h 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F711103FB3Ah 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 962613 second address: 962617 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 962617 second address: 96262E instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F711103FB36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jo 00007F711103FB36h 0x00000011 pushad 0x00000012 popad 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 96587B second address: 965885 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F71106F0266h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 965885 second address: 96589F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F711103FB3Dh 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 96589F second address: 9658A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9658A5 second address: 9658AB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 96925B second address: 969272 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F71106F0272h 0x00000009 popad 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 969272 second address: 969299 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F711103FB3Eh 0x00000009 jmp 00007F711103FB45h 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 969299 second address: 9692CE instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F71106F0266h 0x00000008 jp 00007F71106F0266h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jmp 00007F71106F0273h 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push eax 0x00000018 push eax 0x00000019 push edx 0x0000001a push esi 0x0000001b pop esi 0x0000001c jmp 00007F71106F026Bh 0x00000021 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9692CE second address: 9692E6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F711103FB44h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9692E6 second address: 9692F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jno 00007F71106F0266h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 96E924 second address: 96E950 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F711103FB3Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F711103FB48h 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 96E950 second address: 96E960 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007F71106F026Ah 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 96E960 second address: 96E97B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F711103FB47h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 96E97B second address: 96E97F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 96E675 second address: 96E679 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 96FEE2 second address: 96FEE8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 96FEE8 second address: 96FF09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F711103FB43h 0x0000000d jnc 00007F711103FB36h 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 96FF09 second address: 96FF26 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007F71106F0272h 0x0000000c popad 0x0000000d pushad 0x0000000e push edi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 96FF26 second address: 96FF58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F711103FB3Ah 0x00000009 pop edi 0x0000000a jmp 00007F711103FB41h 0x0000000f push eax 0x00000010 jmp 00007F711103FB3Fh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 97538E second address: 975392 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 975392 second address: 975398 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 975AC0 second address: 975AC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 975AC6 second address: 975ACB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 926067 second address: 92607F instructions: 0x00000000 rdtsc 0x00000002 jl 00007F71106F0266h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 jo 00007F71106F0266h 0x00000017 popad 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9262A5 second address: 9262C3 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F711103FB44h 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 97985F second address: 979864 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 979864 second address: 979869 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 97CA32 second address: 97CA3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 97CA3B second address: 97CA45 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F711103FB36h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 97CD11 second address: 97CD1E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push edx 0x0000000c pop edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 97CD1E second address: 97CD22 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 97CD22 second address: 97CD2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 97D02E second address: 97D04E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F711103FB48h 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 97D1A9 second address: 97D1B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 97D1B1 second address: 97D1D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jg 00007F711103FB45h 0x0000000b popad 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f jc 00007F711103FB36h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 97D1D7 second address: 97D1DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 985ABB second address: 985AC5 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 983C42 second address: 983C46 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 983C46 second address: 983C5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F711103FB36h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jg 00007F711103FB3Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 984068 second address: 984079 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F71106F0266h 0x0000000a js 00007F71106F0266h 0x00000010 popad 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 984079 second address: 984096 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007F711103FB47h 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 984096 second address: 98409A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 98409A second address: 9840A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9848C2 second address: 984900 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 jmp 00007F71106F0273h 0x0000000b jmp 00007F71106F026Bh 0x00000010 pushad 0x00000011 jnl 00007F71106F0266h 0x00000017 jmp 00007F71106F0271h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 984F5D second address: 984F7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edx 0x00000007 pop edx 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F711103FB45h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 984F7F second address: 984F83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 984F83 second address: 984F87 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 984F87 second address: 984F96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 pushad 0x0000000a pushad 0x0000000b push edx 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 98522A second address: 98522E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 98522E second address: 985234 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 985234 second address: 985239 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 985239 second address: 98523F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 985510 second address: 98552A instructions: 0x00000000 rdtsc 0x00000002 jc 00007F711103FB36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F711103FB3Dh 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 98552A second address: 985530 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9897E3 second address: 9897F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F711103FB3Bh 0x00000009 jno 00007F711103FB36h 0x0000000f popad 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9897F9 second address: 989811 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F71106F0272h 0x00000008 jmp 00007F71106F026Ah 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 989811 second address: 98981B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F711103FB36h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 989D64 second address: 989D8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F71106F0266h 0x0000000a jnl 00007F71106F0266h 0x00000010 popad 0x00000011 pushad 0x00000012 pushad 0x00000013 popad 0x00000014 jmp 00007F71106F0273h 0x00000019 pushad 0x0000001a popad 0x0000001b popad 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 989D8E second address: 989D93 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 989D93 second address: 989DA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jnl 00007F71106F0266h 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 989DA0 second address: 989DAF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F711103FB3Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 989F25 second address: 989F29 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 989F29 second address: 989F5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jne 00007F711103FB3Eh 0x0000000c push edx 0x0000000d jmp 00007F711103FB44h 0x00000012 push eax 0x00000013 pop eax 0x00000014 pop edx 0x00000015 popad 0x00000016 push ebx 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 989F5B second address: 989F5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 98A228 second address: 98A22C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 98A22C second address: 98A235 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 98A235 second address: 98A24E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 pushad 0x00000007 push edi 0x00000008 pushad 0x00000009 popad 0x0000000a ja 00007F711103FB36h 0x00000010 pop edi 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 pop edx 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 98A24E second address: 98A252 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 98A252 second address: 98A256 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 996AD3 second address: 996B1D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71106F0271h 0x00000007 pushad 0x00000008 jmp 00007F71106F0275h 0x0000000d jmp 00007F71106F026Dh 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F71106F026Dh 0x0000001e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 994EEE second address: 994EF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 995166 second address: 995184 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F71106F0271h 0x00000009 pushad 0x0000000a popad 0x0000000b jng 00007F71106F0266h 0x00000011 popad 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9952F2 second address: 9952F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9954AA second address: 9954C0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnc 00007F71106F0266h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jc 00007F71106F026Eh 0x00000012 push eax 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9954C0 second address: 9954C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9954C4 second address: 9954CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9954CA second address: 9954D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9954D0 second address: 9954D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 995925 second address: 995929 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 995929 second address: 99592D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 99592D second address: 995933 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 995933 second address: 99593C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push edx 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 99593C second address: 99594D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F711103FB36h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e push ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9962C6 second address: 9962CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9962CA second address: 9962D4 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F711103FB36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 996948 second address: 99697C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71106F0276h 0x00000007 jmp 00007F71106F026Fh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 push edx 0x00000012 pop edx 0x00000013 jg 00007F71106F0266h 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 99697C second address: 99699B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F711103FB44h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 99699B second address: 9969AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F71106F0266h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 99F3C3 second address: 99F3DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F711103FB44h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 99F518 second address: 99F545 instructions: 0x00000000 rdtsc 0x00000002 js 00007F71106F0266h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebx 0x0000000b pushad 0x0000000c popad 0x0000000d jo 00007F71106F0266h 0x00000013 pop ebx 0x00000014 jmp 00007F71106F0274h 0x00000019 popad 0x0000001a push ecx 0x0000001b push ecx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A30AA second address: 9A30B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A30B0 second address: 9A30C5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71106F026Ch 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A30C5 second address: 9A30D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F711103FB36h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d pushad 0x0000000e push esi 0x0000000f pop esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A30D7 second address: 9A30FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jmp 00007F71106F026Bh 0x0000000b popad 0x0000000c push ebx 0x0000000d jl 00007F71106F0266h 0x00000013 pop ebx 0x00000014 popad 0x00000015 jc 00007F71106F028Ah 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9AA910 second address: 9AA948 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F711103FB36h 0x0000000a popad 0x0000000b jno 00007F711103FB5Ah 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9AA948 second address: 9AA94E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9AA7A9 second address: 9AA7AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9AA7AF second address: 9AA7B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9AA7B5 second address: 9AA7C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jng 00007F711103FB36h 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9B7C66 second address: 9B7C7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F71106F0274h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9B7C7E second address: 9B7CAC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F711103FB47h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007F711103FB3Ch 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9B7DF3 second address: 9B7DF9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9B7DF9 second address: 9B7DFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9B7DFD second address: 9B7E0B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007F71106F026Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BCC02 second address: 9BCC1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 jmp 00007F711103FB40h 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C44BA second address: 9C44D4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 jp 00007F71106F0266h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jl 00007F71106F0268h 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C44D4 second address: 9C44DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C44DA second address: 9C44DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C92A1 second address: 9C92AB instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F711103FB50h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9CEC54 second address: 9CEC5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9CEC5C second address: 9CEC67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edi 0x00000008 pop edi 0x00000009 push esi 0x0000000a pop esi 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9CD7F8 second address: 9CD7FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9CDA9E second address: 9CDAC8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F711103FB40h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007F711103FB40h 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9CDAC8 second address: 9CDAD2 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F71106F0266h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9CDC55 second address: 9CDC5A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9CDC5A second address: 9CDCA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 jl 00007F71106F0266h 0x0000000e jmp 00007F71106F0275h 0x00000013 push eax 0x00000014 pop eax 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b jmp 00007F71106F026Eh 0x00000020 jmp 00007F71106F026Dh 0x00000025 jne 00007F71106F0266h 0x0000002b pushad 0x0000002c popad 0x0000002d popad 0x0000002e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9CDCA9 second address: 9CDCCD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F711103FB47h 0x00000007 pushad 0x00000008 js 00007F711103FB36h 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9CDFCB second address: 9CDFE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F71106F026Ch 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F71106F026Ah 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D1693 second address: 9D16B1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jmp 00007F711103FB3Eh 0x0000000a jno 00007F711103FB36h 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D16B1 second address: 9D16B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D13B9 second address: 9D13CD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007F711103FB3Eh 0x0000000c jnl 00007F711103FB36h 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E4086 second address: 9E40B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F71106F026Bh 0x00000009 pushad 0x0000000a popad 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d popad 0x0000000e jmp 00007F71106F0273h 0x00000013 push eax 0x00000014 push edx 0x00000015 push ebx 0x00000016 push edx 0x00000017 pop edx 0x00000018 pop ebx 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A0AA62 second address: A0AA68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A09A24 second address: A09A28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A09A28 second address: A09A37 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jnc 00007F711103FB36h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A09A37 second address: A09A46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 jg 00007F71106F0266h 0x0000000e popad 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A09B6D second address: A09B71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A09B71 second address: A09B7D instructions: 0x00000000 rdtsc 0x00000002 jp 00007F71106F0266h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A09B7D second address: A09B88 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jns 00007F711103FB36h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A09B88 second address: A09B8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A09B8E second address: A09BBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F711103FB36h 0x0000000a popad 0x0000000b jnp 00007F711103FB38h 0x00000011 pop edx 0x00000012 pop eax 0x00000013 push ebx 0x00000014 push edi 0x00000015 jmp 00007F711103FB3Bh 0x0000001a pushad 0x0000001b popad 0x0000001c pop edi 0x0000001d pushad 0x0000001e push edi 0x0000001f pop edi 0x00000020 pushad 0x00000021 popad 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A0A237 second address: A0A247 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007F71106F026Bh 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A0A657 second address: A0A669 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F711103FB3Ah 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A0C025 second address: A0C029 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A10049 second address: A10053 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F711103FB36h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A10053 second address: A10057 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A1050A second address: A1050E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A1050E second address: A10519 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A10519 second address: A1056C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push eax 0x0000000c call 00007F711103FB38h 0x00000011 pop eax 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 add dword ptr [esp+04h], 0000001Ch 0x0000001e inc eax 0x0000001f push eax 0x00000020 ret 0x00000021 pop eax 0x00000022 ret 0x00000023 or edx, dword ptr [ebp+122D2C08h] 0x00000029 push dword ptr [ebp+122D185Dh] 0x0000002f jmp 00007F711103FB3Ch 0x00000034 call 00007F711103FB39h 0x00000039 push eax 0x0000003a push edx 0x0000003b pushad 0x0000003c push eax 0x0000003d push edx 0x0000003e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A1056C second address: A10572 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A10572 second address: A10577 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A10577 second address: A10585 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A10585 second address: A1058C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A1058C second address: A10596 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F71106F0266h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A10596 second address: A105B1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F711103FB3Dh 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A105B1 second address: A105BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F71106F0266h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A11E13 second address: A11E19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A11E19 second address: A11E23 instructions: 0x00000000 rdtsc 0x00000002 js 00007F71106F0266h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52E0D57 second address: 52E0DF5 instructions: 0x00000000 rdtsc 0x00000002 movsx edx, ax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 test ecx, ecx 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F711103FB3Eh 0x00000011 add ax, 5698h 0x00000016 jmp 00007F711103FB3Bh 0x0000001b popfd 0x0000001c mov bl, ch 0x0000001e popad 0x0000001f jns 00007F711103FB69h 0x00000025 jmp 00007F711103FB3Bh 0x0000002a add eax, ecx 0x0000002c pushad 0x0000002d mov si, B05Bh 0x00000031 pushfd 0x00000032 jmp 00007F711103FB40h 0x00000037 and cl, 00000028h 0x0000003a jmp 00007F711103FB3Bh 0x0000003f popfd 0x00000040 popad 0x00000041 mov eax, dword ptr [eax+00000860h] 0x00000047 jmp 00007F711103FB46h 0x0000004c test eax, eax 0x0000004e jmp 00007F711103FB40h 0x00000053 je 00007F71817D5AA9h 0x00000059 pushad 0x0000005a push eax 0x0000005b push edx 0x0000005c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 920562 second address: 920566 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Tries to evade debugger and weak emulator (self modifying code)
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 763AC0 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 916521 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 7615C6 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 92554D instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 9A5C10 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDescJump to behavior
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersionJump to behavior
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersionJump to behavior
    Source: C:\Users\user\Desktop\file.exe TID: 2668Thread sleep time: -60000s >= -30000sJump to behavior
    Source: file.exe, file.exe, 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__
    Source: file.exe, 00000000.00000003.2081775776.0000000001361000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072046452.0000000001362000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100332469.0000000001365000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
    Source: file.exe, 00000000.00000002.2100133693.00000000012EE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWxl6
    Source: file.exe, 00000000.00000003.2081775776.0000000001361000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072046452.0000000001362000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100332469.0000000001365000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWL
    Source: file.exe, 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
    Source: C:\Users\user\Desktop\file.exeSystem information queried: ModuleInformationJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior

    Anti Debugging

    barindex
    Hides threads from debuggers
    Source: C:\Users\user\Desktop\file.exeThread information set: HideFromDebuggerJump to behavior
    Tries to detect sandboxes and other dynamic analysis tools (window names)
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: regmonclass
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: gbdyllo
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: procmon_window_class
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: ollydbg
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: filemonclass
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeFile opened: NTICE
    Source: C:\Users\user\Desktop\file.exeFile opened: SICE
    Source: C:\Users\user\Desktop\file.exeFile opened: SIWVID
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00745BB0 LdrInitializeThunk,0_2_00745BB0

    HIPS / PFW / Operating System Protection Evasion

    barindex
    LummaC encrypted strings found
    Source: file.exeString found in binary or memory: clearancek.site
    Source: file.exeString found in binary or memory: licendfilteo.site
    Source: file.exeString found in binary or memory: spirittunek.stor
    Source: file.exeString found in binary or memory: bathdoomgaz.stor
    Source: file.exeString found in binary or memory: studennotediw.stor
    Source: file.exeString found in binary or memory: dissapoiznw.stor
    Source: file.exeString found in binary or memory: eaglepawnoy.stor
    Source: file.exeString found in binary or memory: mobbipenju.stor
    Source: file.exe, 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Program Manager
    Source: file.exeBinary or memory string: . Program Manager
    Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

    Stealing of Sensitive Information

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Remote Access Functionality

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
    Command and Scripting Interpreter    		1
    DLL Side-Loading    		1
    Process Injection    		24
    Virtualization/Sandbox Evasion    		OS Credential Dumping631
    Security Software Discovery    		Remote Services1
    Archive Collected Data    		11
    Encrypted Channel    		Exfiltration Over Other Network MediumAbuse Accessibility Features
    CredentialsDomainsDefault Accounts1
    PowerShell    		Boot or Logon Initialization Scripts1
    DLL Side-Loading    		1
    Process Injection    		LSASS Memory24
    Virtualization/Sandbox Evasion    		Remote Desktop ProtocolData from Removable Media1
    Ingress Tool Transfer    		Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)11
    Deobfuscate/Decode Files or Information    		Security Account Manager2
    Process Discovery    		SMB/Windows Admin SharesData from Network Shared Drive3
    Non-Application Layer Protocol    		Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook4
    Obfuscated Files or Information    		NTDS23
    System Information Discovery    		Distributed Component Object ModelInput Capture114
    Application Layer Protocol    		Traffic DuplicationData Destruction
    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script12
    Software Packing    		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
    DLL Side-Loading    		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    file.exe100%AviraTR/Crypt.ZPACK.Gen
    file.exe100%Joe Sandbox ML

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    No Antivirus matches

    Domains

    SourceDetectionScannerLabelLink
    steamcommunity.com0%VirustotalBrowse
    sergei-esenin.com17%VirustotalBrowse
    eaglepawnoy.store19%VirustotalBrowse
    spirittunek.store19%VirustotalBrowse
    mobbipenju.store18%VirustotalBrowse
    bathdoomgaz.store18%VirustotalBrowse
    clearancek.site18%VirustotalBrowse
    studennotediw.store18%VirustotalBrowse
    dissapoiznw.store18%VirustotalBrowse
    licendfilteo.site16%VirustotalBrowse

    URLs

    SourceDetectionScannerLabelLink
    https://player.vimeo.com0%URL Reputationsafe
    https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f0%URL Reputationsafe
    https://store.steampowered.com/subscriber_agreement/0%URL Reputationsafe
    https://www.gstatic.cn/recaptcha/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af60%URL Reputationsafe
    http://www.valvesoftware.com/legal.htm0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&amp;0%URL Reputationsafe
    https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL0%URL Reputationsafe
    https://steam.tv/0%URL Reputationsafe
    https://steamcommunity.com/profiles/76561199724331900100%URL Reputationmalware
    https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&amp;l=english0%URL Reputationsafe
    http://store.steampowered.com/privacy_agreement/0%URL Reputationsafe
    https://store.steampowered.com/points/shop/0%URL Reputationsafe
    https://lv.queniujq.cn0%URL Reputationsafe
    https://steamcommunity.com/profiles/76561199724331900/inventory/100%URL Reputationmalware
    https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg0%URL Reputationsafe
    https://store.steampowered.com/privacy_agreement/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&amp;l=en0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt00%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am0%URL Reputationsafe
    https://checkout.steampowered.com/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;l=english0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&amp;l=english0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC0%URL Reputationsafe
    https://store.steampowered.com/;0%URL Reputationsafe
    https://store.steampowered.com/about/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&amp;l=english0%URL Reputationsafe
    https://help.steampowered.com/en/0%URL Reputationsafe
    https://store.steampowered.com/news/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/0%URL Reputationsafe
    http://store.steampowered.com/subscriber_agreement/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r10%URL Reputationsafe
    https://recaptcha.net/recaptcha/;0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&amp;l=en0%URL Reputationsafe
    https://store.steampowered.com/stats/0%URL Reputationsafe
    https://medal.tv0%URL Reputationsafe
    https://broadcast.st.dl.eccdnx.com0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=10%URL Reputationsafe
    https://store.steampowered.com/steam_refunds/0%URL Reputationsafe
    https://login.steampowered.com/0%URL Reputationsafe
    https://store.steampowered.com/legal/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=engl0%URL Reputationsafe
    https://steamcommunity.com/my/wish0%VirustotalBrowse
    https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_com0%VirustotalBrowse
    https://sergei-esenin.com/0%VirustotalBrowse
    https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb0%VirustotalBrowse
    https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp0%VirustotalBrowse
    https://www.youtube.com0%VirustotalBrowse
    https://store.steampowered.com/ne0%VirustotalBrowse
    https://www.google.com0%VirustotalBrowse
    studennotediw.store18%VirustotalBrowse
    dissapoiznw.store18%VirustotalBrowse
    https://steamcommunity.com/?subsection=broadcasts0%VirustotalBrowse
    https://www.youtube.com/0%VirustotalBrowse
    https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isF0%VirustotalBrowse
    https://sketchfab.com0%VirustotalBrowse
    https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=M7aU0%VirustotalBrowse
    https://www.google.com/recaptcha/0%VirustotalBrowse
    eaglepawnoy.store19%VirustotalBrowse
    https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/0%VirustotalBrowse
    https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=2Ih2WOq7ErXY&a0%VirustotalBrowse
    https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&amp;l=englis0%VirustotalBrowse
    https://steamcommunity.com/my/wishlist/0%VirustotalBrowse
    https://community.akamai.steamstatic.com/public/shared/javascript/shared0%VirustotalBrowse

    Domains and IPs

    Contacted Domains

    NameIPActiveMaliciousAntivirus DetectionReputation
    steamcommunity.com
    		104.102.49.254
    		truetrueunknown
    sergei-esenin.com
    		172.67.206.204
    		truetrueunknown
    eaglepawnoy.store
    		unknown
    		unknowntrueunknown
    bathdoomgaz.store
    		unknown
    		unknowntrueunknown
    spirittunek.store
    		unknown
    		unknowntrueunknown
    licendfilteo.site
    		unknown
    		unknowntrueunknown
    studennotediw.store
    		unknown
    		unknowntrueunknown
    mobbipenju.store
    		unknown
    		unknowntrueunknown
    clearancek.site
    		unknown
    		unknowntrueunknown
    dissapoiznw.store
    		unknown
    		unknowntrueunknown

    Contacted URLs

    NameMaliciousAntivirus DetectionReputation
    studennotediw.storetrueunknown
    dissapoiznw.storetrueunknown
    https://steamcommunity.com/profiles/76561199724331900true
    • URL Reputation: malware
    		unknown
    eaglepawnoy.storetrueunknown
    bathdoomgaz.storetrue
      		unknown
      clearancek.sitetrue
        		unknown
        spirittunek.storetrue
          		unknown
          licendfilteo.sitetrue
            		unknown

            URLs from Memory and Binaries

            NameSourceMaliciousAntivirus DetectionReputation
            https://player.vimeo.comfile.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_comfile.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmpfalseunknown
            https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&amp;l=englifile.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmpfalse
              		unknown
              https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&ampfile.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpfalseunknown
              https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5ffile.exe, 00000000.00000003.2081775776.0000000001361000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072046452.0000000001362000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100332469.0000000001365000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              https://steamcommunity.com/?subsection=broadcastsfile.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpfalseunknown
              https://steamcommunity.com/my/wishfile.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmpfalseunknown
              https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfebfile.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmpfalseunknown
              https://sergei-esenin.com/file.exe, 00000000.00000003.2081999136.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081775776.0000000001343000.00000004.00000020.00020000.00000000.sdmptrueunknown
              https://store.steampowered.com/subscriber_agreement/file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              https://www.gstatic.cn/recaptcha/file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              https://community.akamai.steamstatic.com/puQfile.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmpfalse
                		unknown
                https://store.steampowered.com/nefile.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                https://steamcommunity.com/login/hfile.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmpfalse
                  		unknown
                  http://www.valvesoftware.com/legal.htmfile.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://www.youtube.comfile.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                  https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&ampfile.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngfile.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://www.google.comfile.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                  https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.pngfile.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://community.akam=Sfile.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmpfalse
                    		unknown
                    https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&amp;file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedbackfile.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tLfile.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://s.ytimg.com;file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmpfalse
                      		unknown
                      https://steam.tv/file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&amp;l=englishfile.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://store.steampowerfile.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmpfalse
                        		unknown
                        http://store.steampowered.com/privacy_agreement/file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://community.akamfile.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmpfalse
                          		unknown
                          https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=M7aUfile.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                          https://store.steampowered.com/points/shop/file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://sketchfab.comfile.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                          https://lv.queniujq.cnfile.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://steamcommunity.com/profiles/76561199724331900/inventory/file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmptrue
                          • URL Reputation: malware
                          		unknown
                          https://www.youtube.com/file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                          https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpgfile.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://store.steampowered.com/privacy_agreement/file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&amp;l=enfile.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=2Ih2WOq7ErXY&afile.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                          https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&amfile.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFfile.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                          https://www.google.com/recaptcha/file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                          https://checkout.steampowered.com/file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;l=englishfile.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&amp;l=englishfile.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.pngfile.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://avatars.akamai.steamstaticfile.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmpfalse
                            		unknown
                            https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&amp;l=englisfile.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                            https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhCfile.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://store.steampowered.com/;file.exe, 00000000.00000003.2081775776.0000000001361000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072046452.0000000001362000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100332469.0000000001365000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://store.steampowered.com/about/file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://steamcommunity.com/my/wishlist/file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                            https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&amp;l=englishfile.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://community.akamai.steamstatic.com/public/shared/javascript/sharedfile.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                            https://help.steampowered.com/en/file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                            https://steamcommunity.com/market/file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpfalse
                              		unknown
                              https://store.steampowered.com/news/file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              https://community.akamai.steamstatic.com/file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              https://community.akamai.steamstatic.com/public/javascrifile.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmpfalse
                                		unknown
                                https://community.akamai.steamstatic.com/pufile.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		unknown
                                  http://store.steampowered.com/subscriber_agreement/file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgfile.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		unknown
                                    https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    https://recaptcha.net/recaptcha/;file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&amp;l=enfile.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    https://steamcommunity.com/discussions/file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		unknown
                                      https://studennotediw.store/apiSfile.exe, 00000000.00000003.2081775776.0000000001361000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072046452.0000000001362000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100332469.0000000001365000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		unknown
                                        https://store.steampowered.com/stats/file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        https://medal.tvfile.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        https://broadcast.st.dl.eccdnx.comfile.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        https://steamcommunity.com/Qfile.exe, 00000000.00000002.2100236403.0000000001343000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081775776.0000000001343000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		unknown
                                          https://store.steampowered.com/steam_refunds/file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		unknown
                                            https://sergei-esenin.com/api3file.exe, 00000000.00000002.2100236403.000000000132E000.00000004.00000020.00020000.00000000.sdmptrue
                                              		unknown
                                              https://steamcommunity.com/workshop/file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		unknown
                                                https://login.steampowered.com/file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://store.steamfile.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		unknown
                                                  https://store.steampowered.com/legal/file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://community.akama0Qfile.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		unknown
                                                    https://sergei-esenin.com/api;file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100358321.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081999136.0000000001383000.00000004.00000020.00020000.00000000.sdmptrue
                                                      		unknown
                                                      https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&amp;l=efile.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		unknown
                                                        https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=Gu9gs5hffile.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		unknown
                                                          https://community.akamai.steamstatic.com/public/css/pfile.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		unknown
                                                            https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvfile.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=englfile.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            https://store.steampowefile.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		unknown
                                                              https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=IZH_ONwLX4kw&amp;l=efile.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		unknown

                                                                World Map of Contacted IPs

                                                                • No. of IPs < 25%
                                                                • 25% < No. of IPs < 50%
                                                                • 50% < No. of IPs < 75%
                                                                • 75% < No. of IPs

                                                                Public IPs

                                                                IPDomainCountryFlagASNASN NameMalicious
                                                                104.102.49.254
                                                                		steamcommunity.comUnited States
                                                                		16625AKAMAI-ASUStrue
                                                                172.67.206.204
                                                                		sergei-esenin.comUnited States
                                                                		13335CLOUDFLARENETUStrue

                                                                General Information

                                                                Joe Sandbox version:41.0.0 Charoite
                                                                Analysis ID:1530694
                                                                Start date and time:2024-10-10 12:04:09 +02:00
                                                                Joe Sandbox product:CloudBasic
                                                                Overall analysis duration:0h 2m 50s
                                                                Hypervisor based Inspection enabled:false
                                                                Report type:full
                                                                Cookbook file name:default.jbs
                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                Number of analysed new started processes analysed:2
                                                                Number of new started drivers analysed:0
                                                                Number of existing processes analysed:0
                                                                Number of existing drivers analysed:0
                                                                Number of injected processes analysed:0
                                                                Technologies:
                                                                • HCA enabled
                                                                • EGA enabled
                                                                • AMSI enabled
                                                                Analysis Mode:default
                                                                Analysis stop reason:Timeout
                                                                Sample name:file.exe
                                                                Detection:MAL
                                                                Classification:mal100.troj.evad.winEXE@1/0@10/2
                                                                EGA Information:
                                                                • Successful, ratio: 100%
                                                                HCA Information:Failed
                                                                Cookbook Comments:
                                                                • Found application associated with file extension: .exe
                                                                • Stop behavior analysis, all processes terminated

                                                                Warnings

                                                                • Exclude process from analysis (whitelisted): dllhost.exe
                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                • Report size getting too big, too many NtQueryValueKey calls found.

                                                                Simulations

                                                                Behavior and APIs

                                                                TimeTypeDescription
                                                                06:05:03API Interceptor2x Sleep call for process: file.exe modified

                                                                Joe Sandbox View / Context

                                                                IPs

                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                104.102.49.254http://gtm-cn-j4g3qqvf603.steamproxy1.com/Get hashmaliciousUnknownBrowse
                                                                • www.valvesoftware.com/legal.htm
                                                                172.67.206.204zYlQoif21X.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, StealcBrowse
                                                                  file.exeGet hashmaliciousLummaCBrowse
                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                            KatYaQjgkt.exeGet hashmaliciousLummaCBrowse
                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                file.exeGet hashmaliciousLummaCBrowse
                                                                                  file.exeGet hashmaliciousLummaCBrowse

                                                                                    Domains

                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                    sergei-esenin.comfile.exeGet hashmaliciousLummaCBrowse
                                                                                    • 104.21.53.8
                                                                                    zYlQoif21X.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, StealcBrowse
                                                                                    • 172.67.206.204
                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                    • 104.21.53.8
                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                    • 172.67.206.204
                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                    • 172.67.206.204
                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                    • 172.67.206.204
                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                    • 104.21.53.8
                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                    • 172.67.206.204
                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                    • 172.67.206.204
                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                    • 104.21.53.8
                                                                                    steamcommunity.comfile.exeGet hashmaliciousLummaCBrowse
                                                                                    • 23.192.247.89
                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                    • 104.102.49.254
                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                    • 104.102.49.254
                                                                                    zYlQoif21X.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, StealcBrowse
                                                                                    • 104.102.49.254
                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                    • 104.102.49.254
                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                    • 104.102.49.254
                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                    • 104.102.49.254
                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                    • 104.102.49.254
                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                    • 104.102.49.254
                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                    • 104.102.49.254

                                                                                    ASNs

                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                    CLOUDFLARENETUShttps://na4.docusign.net/Signing/EmailStart.aspx?a=b4cf6218-13ec-46d9-aa5c-10723ebe7e7f&etti=24&acct=d9c705c1-5012-4d8b-98f5-b9c62798fde2&er=efa4815b-08b1-4fe7-b32f-ac28ff7e2554Get hashmaliciousHTMLPhisherBrowse
                                                                                    • 104.17.25.14
                                                                                    rTEKL__FTALEPVEF__YATTEKL__F___xlsx.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                    • 188.114.97.3
                                                                                    Order Specifications for Materials.docx.exeGet hashmaliciousAgentTeslaBrowse
                                                                                    • 172.67.74.152
                                                                                    http://growthsparkplus.thsite.top/?email=anna@cellnextelecom.comGet hashmaliciousUnknownBrowse
                                                                                    • 188.114.96.3
                                                                                    MFSA-MiFID-APS-P2_20241007-Annex2_DOC-R-v1.1.exeGet hashmaliciousUnknownBrowse
                                                                                    • 172.67.158.46
                                                                                    https://pub-26ee9be236b54d0cb1b570a203543b93.r2.dev/iyada.txtGet hashmaliciousUnknownBrowse
                                                                                    • 162.159.140.237
                                                                                    MFSA-MiFID-APS-P2_20241003_ Submission Requirements.exeGet hashmaliciousUnknownBrowse
                                                                                    • 188.114.97.3
                                                                                    ADSP-21593BBPZ10 Analog Devices, Inc. 5000.exeGet hashmaliciousCryptOne, Snake Keylogger, VIP KeyloggerBrowse
                                                                                    • 188.114.96.3
                                                                                    Zahlung_09102024,jpg.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                    • 188.114.96.3
                                                                                    PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exeGet hashmaliciousPureLog Stealer, RedLineBrowse
                                                                                    • 104.26.12.205
                                                                                    AKAMAI-ASUSfile.exeGet hashmaliciousLummaCBrowse
                                                                                    • 23.192.247.89
                                                                                    na.elfGet hashmaliciousUnknownBrowse
                                                                                    • 23.72.69.188
                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                    • 104.102.49.254
                                                                                    na.elfGet hashmaliciousMiraiBrowse
                                                                                    • 104.113.196.16
                                                                                    Quarantined Messages(11).zipGet hashmaliciousHTMLPhisherBrowse
                                                                                    • 2.19.126.151
                                                                                    https://w7950.app.blinkops.com/Get hashmaliciousUnknownBrowse
                                                                                    • 2.19.126.219
                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                    • 104.102.49.254
                                                                                    zYlQoif21X.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, StealcBrowse
                                                                                    • 104.102.49.254
                                                                                    na.elfGet hashmaliciousUnknownBrowse
                                                                                    • 23.40.71.125
                                                                                    Rechnung0192839182.pdfGet hashmaliciousUnknownBrowse
                                                                                    • 23.46.224.162

                                                                                    JA3 Fingerprints

                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                    a0e9f5d64349fb13191bc781f81f42e1file.exeGet hashmaliciousLummaCBrowse
                                                                                    • 104.102.49.254
                                                                                    • 172.67.206.204
                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                    • 104.102.49.254
                                                                                    • 172.67.206.204
                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                    • 104.102.49.254
                                                                                    • 172.67.206.204
                                                                                    zYlQoif21X.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, StealcBrowse
                                                                                    • 104.102.49.254
                                                                                    • 172.67.206.204
                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                    • 104.102.49.254
                                                                                    • 172.67.206.204
                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                    • 104.102.49.254
                                                                                    • 172.67.206.204
                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                    • 104.102.49.254
                                                                                    • 172.67.206.204
                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                    • 104.102.49.254
                                                                                    • 172.67.206.204
                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                    • 104.102.49.254
                                                                                    • 172.67.206.204
                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                    • 104.102.49.254
                                                                                    • 172.67.206.204

                                                                                    Dropped Files

                                                                                    No context

                                                                                    Created / dropped Files

                                                                                    No created / dropped files found

                                                                                    Static File Info

                                                                                    General

                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                    Entropy (8bit):7.9493905757164365
                                                                                    TrID:
                                                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                    File name:file.exe
                                                                                    File size:1'900'032 bytes
                                                                                    MD5:9ca76584366a4a0a5fc35324672f22af
                                                                                    SHA1:b22c6cd8e976b11e67b548d4df93f8253cf53a20
                                                                                    SHA256:3289ba8ea3f0dad99f413df7fef1b6d18063978d4ad49f9526347aaa093166b7
                                                                                    SHA512:9ace3bf05dea4b55f498ff268113dad4d767753d1470a2ac925734e881f49ab223c40ba7577d0d9b2bf1e39febc357b4b6241d474cf55d6849007811a9605ba5
                                                                                    SSDEEP:49152:n3O9a5N9WePiQMUTJlZ9IyP7lbuuBbXWi11G:3IqN9LMUTJlZKkpuiJk
                                                                                    TLSH:A9953300833BFBE8D49F4771C96DEA18F4784BFA9C5B842BB894647294A720671F8D1D
                                                                                    File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...J..f.............................PL...........@...........................L......V....@.................................W...k..

                                                                                    File Icon

                                                                                    Icon Hash:00928e8e8686b000

                                                                                    Static PE Info

                                                                                    General

                                                                                    Entrypoint:0x8c5000
                                                                                    Entrypoint Section:.taggant
                                                                                    Digitally signed:false
                                                                                    Imagebase:0x400000
                                                                                    Subsystem:windows gui
                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                    DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                    Time Stamp:0x66FFF14A [Fri Oct 4 13:44:42 2024 UTC]
                                                                                    TLS Callbacks:
                                                                                    CLR (.Net) Version:
                                                                                    OS Version Major:6
                                                                                    OS Version Minor:0
                                                                                    File Version Major:6
                                                                                    File Version Minor:0
                                                                                    Subsystem Version Major:6
                                                                                    Subsystem Version Minor:0
                                                                                    Import Hash:2eabe9054cad5152567f0699947a2c5b

                                                                                    Entrypoint Preview

                                                                                    Instruction
                                                                                    jmp 00007F71104CDF9Ah
                                                                                    paddusb mm3, qword ptr [eax+eax]
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    jmp 00007F71104CFF95h
                                                                                    add byte ptr [edx], al
                                                                                    or al, byte ptr [eax]
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], dh
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add al, 00h
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [ecx], al
                                                                                    add byte ptr [eax], 00000000h
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    adc byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    or ecx, dword ptr [edx]
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    inc eax
                                                                                    or al, byte ptr [eax]
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [ecx], al
                                                                                    add byte ptr [eax], 00000000h
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    adc byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add cl, byte ptr [edx]
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    xor byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    pop ds
                                                                                    add byte ptr [eax+000000FEh], ah
                                                                                    add byte ptr [edx], ah
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [ecx], al
                                                                                    add byte ptr [eax], 00000000h
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    adc byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add dword ptr [edx], ecx
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    xor byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add dword ptr [eax+00000000h], eax
                                                                                    add byte ptr [eax], al

                                                                                    Data Directories

                                                                                    NameVirtual AddressVirtual Size Is in Section
                                                                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_IMPORT0x5f0570x6b.idata
                                                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x5f1f80x8.idata
                                                                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                    Sections

                                                                                    NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                    0x10000x5d0000x25e00168e7bcaf9fbd6b832cdddcc535a3bd2False0.9994972153465347data7.97935522499184IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                    .rsrc 0x5e0000x10000x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                    .idata 0x5f0000x10000x200fe72def8b74193a84232a780098a7ce0False0.150390625data1.04205214219471IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                    0x600000x2bd0000x20040acaada376ba8a72da115517903bdcaunknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                    bkzyowgo0x31d0000x1a70000x1a6400f0bdd6d491177b2e0f723edd0afa70bfFalse0.9946315081039077data7.954782585789858IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                    deoenquv0x4c40000x10000x60099b8679ab1051cb12d94db241202e8ffFalse0.5677083333333334data4.940168837900271IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                    .taggant0x4c50000x30000x22005a8201e0c011bb75e1336341083a754fFalse0.06341911764705882DOS executable (COM)0.7546706037028988IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                                                                                    Imports

                                                                                    DLLImport
                                                                                    kernel32.dlllstrcpy

                                                                                    Network Behavior

                                                                                    Suricata IDS Alerts

                                                                                    TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                    2024-10-10T12:05:04.570327+02002056471ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)1192.168.2.5611911.1.1.153UDP
                                                                                    2024-10-10T12:05:04.585746+02002056485ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)1192.168.2.5631541.1.1.153UDP
                                                                                    2024-10-10T12:05:04.597318+02002056483ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)1192.168.2.5625831.1.1.153UDP
                                                                                    2024-10-10T12:05:04.608524+02002056481ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)1192.168.2.5504791.1.1.153UDP
                                                                                    2024-10-10T12:05:04.619284+02002056479ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)1192.168.2.5585351.1.1.153UDP
                                                                                    2024-10-10T12:05:04.630209+02002056477ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)1192.168.2.5605111.1.1.153UDP
                                                                                    2024-10-10T12:05:04.642129+02002056475ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)1192.168.2.5571611.1.1.153UDP
                                                                                    2024-10-10T12:05:04.653882+02002056473ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)1192.168.2.5616151.1.1.153UDP
                                                                                    2024-10-10T12:05:05.962829+02002858666ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup1192.168.2.549706104.102.49.254443TCP
                                                                                    2024-10-10T12:05:07.031541+02002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.549707172.67.206.204443TCP
                                                                                    2024-10-10T12:05:07.031541+02002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.549707172.67.206.204443TCP

                                                                                    Network Port Distribution

                                                                                    TCP Packets

                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                    Oct 10, 2024 12:05:04.686460972 CEST49706443192.168.2.5104.102.49.254
                                                                                    Oct 10, 2024 12:05:04.686553001 CEST44349706104.102.49.254192.168.2.5
                                                                                    Oct 10, 2024 12:05:04.686645985 CEST49706443192.168.2.5104.102.49.254
                                                                                    Oct 10, 2024 12:05:04.687973022 CEST49706443192.168.2.5104.102.49.254
                                                                                    Oct 10, 2024 12:05:04.688010931 CEST44349706104.102.49.254192.168.2.5
                                                                                    Oct 10, 2024 12:05:05.396878958 CEST44349706104.102.49.254192.168.2.5
                                                                                    Oct 10, 2024 12:05:05.397098064 CEST49706443192.168.2.5104.102.49.254
                                                                                    Oct 10, 2024 12:05:05.400249004 CEST49706443192.168.2.5104.102.49.254
                                                                                    Oct 10, 2024 12:05:05.400284052 CEST44349706104.102.49.254192.168.2.5
                                                                                    Oct 10, 2024 12:05:05.400713921 CEST44349706104.102.49.254192.168.2.5
                                                                                    Oct 10, 2024 12:05:05.441507101 CEST49706443192.168.2.5104.102.49.254
                                                                                    Oct 10, 2024 12:05:05.483411074 CEST44349706104.102.49.254192.168.2.5
                                                                                    Oct 10, 2024 12:05:05.962976933 CEST44349706104.102.49.254192.168.2.5
                                                                                    Oct 10, 2024 12:05:05.963037014 CEST44349706104.102.49.254192.168.2.5
                                                                                    Oct 10, 2024 12:05:05.963068008 CEST49706443192.168.2.5104.102.49.254
                                                                                    Oct 10, 2024 12:05:05.963113070 CEST44349706104.102.49.254192.168.2.5
                                                                                    Oct 10, 2024 12:05:05.963160992 CEST44349706104.102.49.254192.168.2.5
                                                                                    Oct 10, 2024 12:05:05.963198900 CEST44349706104.102.49.254192.168.2.5
                                                                                    Oct 10, 2024 12:05:05.963221073 CEST44349706104.102.49.254192.168.2.5
                                                                                    Oct 10, 2024 12:05:05.963249922 CEST49706443192.168.2.5104.102.49.254
                                                                                    Oct 10, 2024 12:05:05.963249922 CEST49706443192.168.2.5104.102.49.254
                                                                                    Oct 10, 2024 12:05:05.963251114 CEST49706443192.168.2.5104.102.49.254
                                                                                    Oct 10, 2024 12:05:05.963251114 CEST49706443192.168.2.5104.102.49.254
                                                                                    Oct 10, 2024 12:05:05.963290930 CEST49706443192.168.2.5104.102.49.254
                                                                                    Oct 10, 2024 12:05:06.096744061 CEST44349706104.102.49.254192.168.2.5
                                                                                    Oct 10, 2024 12:05:06.096796036 CEST44349706104.102.49.254192.168.2.5
                                                                                    Oct 10, 2024 12:05:06.096960068 CEST49706443192.168.2.5104.102.49.254
                                                                                    Oct 10, 2024 12:05:06.097027063 CEST44349706104.102.49.254192.168.2.5
                                                                                    Oct 10, 2024 12:05:06.097095013 CEST49706443192.168.2.5104.102.49.254
                                                                                    Oct 10, 2024 12:05:06.103580952 CEST44349706104.102.49.254192.168.2.5
                                                                                    Oct 10, 2024 12:05:06.103667974 CEST49706443192.168.2.5104.102.49.254
                                                                                    Oct 10, 2024 12:05:06.103684902 CEST44349706104.102.49.254192.168.2.5
                                                                                    Oct 10, 2024 12:05:06.103739023 CEST49706443192.168.2.5104.102.49.254
                                                                                    Oct 10, 2024 12:05:06.103753090 CEST44349706104.102.49.254192.168.2.5
                                                                                    Oct 10, 2024 12:05:06.103811979 CEST44349706104.102.49.254192.168.2.5
                                                                                    Oct 10, 2024 12:05:06.103862047 CEST49706443192.168.2.5104.102.49.254
                                                                                    Oct 10, 2024 12:05:06.104393005 CEST49706443192.168.2.5104.102.49.254
                                                                                    Oct 10, 2024 12:05:06.104430914 CEST44349706104.102.49.254192.168.2.5
                                                                                    Oct 10, 2024 12:05:06.104458094 CEST49706443192.168.2.5104.102.49.254
                                                                                    Oct 10, 2024 12:05:06.104471922 CEST44349706104.102.49.254192.168.2.5
                                                                                    Oct 10, 2024 12:05:06.125751019 CEST49707443192.168.2.5172.67.206.204
                                                                                    Oct 10, 2024 12:05:06.125842094 CEST44349707172.67.206.204192.168.2.5
                                                                                    Oct 10, 2024 12:05:06.126054049 CEST49707443192.168.2.5172.67.206.204
                                                                                    Oct 10, 2024 12:05:06.126184940 CEST49707443192.168.2.5172.67.206.204
                                                                                    Oct 10, 2024 12:05:06.126209974 CEST44349707172.67.206.204192.168.2.5
                                                                                    Oct 10, 2024 12:05:06.593693972 CEST44349707172.67.206.204192.168.2.5
                                                                                    Oct 10, 2024 12:05:06.593780041 CEST49707443192.168.2.5172.67.206.204
                                                                                    Oct 10, 2024 12:05:06.596245050 CEST49707443192.168.2.5172.67.206.204
                                                                                    Oct 10, 2024 12:05:06.596270084 CEST44349707172.67.206.204192.168.2.5
                                                                                    Oct 10, 2024 12:05:06.596604109 CEST44349707172.67.206.204192.168.2.5
                                                                                    Oct 10, 2024 12:05:06.597645998 CEST49707443192.168.2.5172.67.206.204
                                                                                    Oct 10, 2024 12:05:06.597681999 CEST49707443192.168.2.5172.67.206.204
                                                                                    Oct 10, 2024 12:05:06.597878933 CEST44349707172.67.206.204192.168.2.5
                                                                                    Oct 10, 2024 12:05:07.031605005 CEST44349707172.67.206.204192.168.2.5
                                                                                    Oct 10, 2024 12:05:07.031816959 CEST44349707172.67.206.204192.168.2.5
                                                                                    Oct 10, 2024 12:05:07.031888008 CEST49707443192.168.2.5172.67.206.204
                                                                                    Oct 10, 2024 12:05:07.035917044 CEST49707443192.168.2.5172.67.206.204
                                                                                    Oct 10, 2024 12:05:07.035964012 CEST44349707172.67.206.204192.168.2.5
                                                                                    Oct 10, 2024 12:05:07.035990953 CEST49707443192.168.2.5172.67.206.204
                                                                                    Oct 10, 2024 12:05:07.036005974 CEST44349707172.67.206.204192.168.2.5

                                                                                    UDP Packets

                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                    Oct 10, 2024 12:05:04.570327044 CEST6119153192.168.2.51.1.1.1
                                                                                    Oct 10, 2024 12:05:04.581299067 CEST53611911.1.1.1192.168.2.5
                                                                                    Oct 10, 2024 12:05:04.585746050 CEST6315453192.168.2.51.1.1.1
                                                                                    Oct 10, 2024 12:05:04.595026970 CEST53631541.1.1.1192.168.2.5
                                                                                    Oct 10, 2024 12:05:04.597317934 CEST6258353192.168.2.51.1.1.1
                                                                                    Oct 10, 2024 12:05:04.606440067 CEST53625831.1.1.1192.168.2.5
                                                                                    Oct 10, 2024 12:05:04.608524084 CEST5047953192.168.2.51.1.1.1
                                                                                    Oct 10, 2024 12:05:04.617120028 CEST53504791.1.1.1192.168.2.5
                                                                                    Oct 10, 2024 12:05:04.619283915 CEST5853553192.168.2.51.1.1.1
                                                                                    Oct 10, 2024 12:05:04.628138065 CEST53585351.1.1.1192.168.2.5
                                                                                    Oct 10, 2024 12:05:04.630208969 CEST6051153192.168.2.51.1.1.1
                                                                                    Oct 10, 2024 12:05:04.640094042 CEST53605111.1.1.1192.168.2.5
                                                                                    Oct 10, 2024 12:05:04.642128944 CEST5716153192.168.2.51.1.1.1
                                                                                    Oct 10, 2024 12:05:04.652043104 CEST53571611.1.1.1192.168.2.5
                                                                                    Oct 10, 2024 12:05:04.653882027 CEST6161553192.168.2.51.1.1.1
                                                                                    Oct 10, 2024 12:05:04.662578106 CEST53616151.1.1.1192.168.2.5
                                                                                    Oct 10, 2024 12:05:04.664433956 CEST5832753192.168.2.51.1.1.1
                                                                                    Oct 10, 2024 12:05:04.672094107 CEST53583271.1.1.1192.168.2.5
                                                                                    Oct 10, 2024 12:05:06.114510059 CEST6316953192.168.2.51.1.1.1
                                                                                    Oct 10, 2024 12:05:06.125108004 CEST53631691.1.1.1192.168.2.5

                                                                                    DNS Queries

                                                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                    Oct 10, 2024 12:05:04.570327044 CEST192.168.2.51.1.1.10x7b4dStandard query (0)clearancek.siteA (IP address)IN (0x0001)false
                                                                                    Oct 10, 2024 12:05:04.585746050 CEST192.168.2.51.1.1.10xb989Standard query (0)mobbipenju.storeA (IP address)IN (0x0001)false
                                                                                    Oct 10, 2024 12:05:04.597317934 CEST192.168.2.51.1.1.10x1644Standard query (0)eaglepawnoy.storeA (IP address)IN (0x0001)false
                                                                                    Oct 10, 2024 12:05:04.608524084 CEST192.168.2.51.1.1.10xa8c5Standard query (0)dissapoiznw.storeA (IP address)IN (0x0001)false
                                                                                    Oct 10, 2024 12:05:04.619283915 CEST192.168.2.51.1.1.10xc43aStandard query (0)studennotediw.storeA (IP address)IN (0x0001)false
                                                                                    Oct 10, 2024 12:05:04.630208969 CEST192.168.2.51.1.1.10xefadStandard query (0)bathdoomgaz.storeA (IP address)IN (0x0001)false
                                                                                    Oct 10, 2024 12:05:04.642128944 CEST192.168.2.51.1.1.10x17afStandard query (0)spirittunek.storeA (IP address)IN (0x0001)false
                                                                                    Oct 10, 2024 12:05:04.653882027 CEST192.168.2.51.1.1.10xe506Standard query (0)licendfilteo.siteA (IP address)IN (0x0001)false
                                                                                    Oct 10, 2024 12:05:04.664433956 CEST192.168.2.51.1.1.10x56d6Standard query (0)steamcommunity.comA (IP address)IN (0x0001)false
                                                                                    Oct 10, 2024 12:05:06.114510059 CEST192.168.2.51.1.1.10xc26eStandard query (0)sergei-esenin.comA (IP address)IN (0x0001)false

                                                                                    DNS Answers

                                                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                    Oct 10, 2024 12:05:04.581299067 CEST1.1.1.1192.168.2.50x7b4dName error (3)clearancek.sitenonenoneA (IP address)IN (0x0001)false
                                                                                    Oct 10, 2024 12:05:04.595026970 CEST1.1.1.1192.168.2.50xb989Name error (3)mobbipenju.storenonenoneA (IP address)IN (0x0001)false
                                                                                    Oct 10, 2024 12:05:04.606440067 CEST1.1.1.1192.168.2.50x1644Name error (3)eaglepawnoy.storenonenoneA (IP address)IN (0x0001)false
                                                                                    Oct 10, 2024 12:05:04.617120028 CEST1.1.1.1192.168.2.50xa8c5Name error (3)dissapoiznw.storenonenoneA (IP address)IN (0x0001)false
                                                                                    Oct 10, 2024 12:05:04.628138065 CEST1.1.1.1192.168.2.50xc43aName error (3)studennotediw.storenonenoneA (IP address)IN (0x0001)false
                                                                                    Oct 10, 2024 12:05:04.640094042 CEST1.1.1.1192.168.2.50xefadName error (3)bathdoomgaz.storenonenoneA (IP address)IN (0x0001)false
                                                                                    Oct 10, 2024 12:05:04.652043104 CEST1.1.1.1192.168.2.50x17afName error (3)spirittunek.storenonenoneA (IP address)IN (0x0001)false
                                                                                    Oct 10, 2024 12:05:04.662578106 CEST1.1.1.1192.168.2.50xe506Name error (3)licendfilteo.sitenonenoneA (IP address)IN (0x0001)false
                                                                                    Oct 10, 2024 12:05:04.672094107 CEST1.1.1.1192.168.2.50x56d6No error (0)steamcommunity.com104.102.49.254A (IP address)IN (0x0001)false
                                                                                    Oct 10, 2024 12:05:06.125108004 CEST1.1.1.1192.168.2.50xc26eNo error (0)sergei-esenin.com172.67.206.204A (IP address)IN (0x0001)false
                                                                                    Oct 10, 2024 12:05:06.125108004 CEST1.1.1.1192.168.2.50xc26eNo error (0)sergei-esenin.com104.21.53.8A (IP address)IN (0x0001)false

                                                                                    HTTP Request Dependency Graph

                                                                                    • steamcommunity.com
                                                                                    • sergei-esenin.com

                                                                                    HTTPS Proxied Packets

                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    0192.168.2.549706104.102.49.2544432412C:\Users\user\Desktop\file.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-10-10 10:05:05 UTC219OUTGET /profiles/76561199724331900 HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                    Host: steamcommunity.com
                                                                                    2024-10-10 10:05:05 UTC1870INHTTP/1.1 200 OK
                                                                                    Server: nginx
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                    Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                    Cache-Control: no-cache
                                                                                    Date: Thu, 10 Oct 2024 10:05:05 GMT
                                                                                    Content-Length: 34837
                                                                                    Connection: close
                                                                                    Set-Cookie: sessionid=f4e6b54f4f86c8f1989ddb9b; Path=/; Secure; SameSite=None
                                                                                    Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
                                                                                    2024-10-10 10:05:05 UTC14514INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c
                                                                                    Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
                                                                                    2024-10-10 10:05:06 UTC16384INData Raw: 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a 09 09 6a 51 75 65 72 79 28 66 75 6e 63 74 69 6f 6e 28 24 29 20 7b 0d 0a 09 09 09 24 28 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 27 29 2e 76 5f 74 6f 6f 6c 74 69 70 28 7b 27 6c 6f 63 61 74 69 6f 6e 27 3a 27 62 6f 74 74 6f 6d 27 2c 20 27 64 65 73 74 72 6f 79 57 68 65 6e 44 6f 6e 65 27 3a 20 66 61 6c 73 65 2c 20 27 74 6f 6f 6c 74 69 70 43 6c 61 73 73 27 3a 20 27 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 65 6e 74 27 2c 20 27 6f 66 66 73 65 74 59 27 3a 2d 36 2c 20 27 6f 66 66 73 65 74 58 27 3a 20 31 2c 20 27 68 6f 72 69 7a 6f 6e 74 61 6c 53 6e 61 70 27 3a 20 34 2c 20 27 74 6f 6f 6c 74 69 70 50 61 72 65 6e 74 27 3a 20 27 23 67 6c 6f
                                                                                    Data Ascii: <script type="text/javascript">jQuery(function($) {$('#global_header .supernav').v_tooltip({'location':'bottom', 'destroyWhenDone': false, 'tooltipClass': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#glo
                                                                                    2024-10-10 10:05:06 UTC3768INData Raw: 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 73 75 6d 6d 61 72 79 5f 66 6f 6f 74 65 72 22 3e 0d 0a 09 09 09 09 09 09 09 3c 73 70 61 6e 20 64 61 74 61 2d 70 61 6e 65 6c 3d 22 7b 26 71 75 6f 74 3b 66 6f 63 75 73 61 62 6c 65 26 71 75 6f 74 3b 3a 74 72 75 65 2c 26 71 75 6f 74 3b 63 6c 69 63 6b 4f 6e 41 63 74 69 76 61 74 65 26 71 75 6f 74 3b 3a 74 72 75 65 7d 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 3e 56 69 65 77 20 6d 6f 72 65 20 69 6e 66 6f 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 20 24 4a 28 20 66 75 6e 63 74 69 6f 6e 28 29
                                                                                    Data Ascii: <div class="profile_summary_footer"><span data-panel="{&quot;focusable&quot;:true,&quot;clickOnActivate&quot;:true}" class="whiteLink" class="whiteLink">View more info</span></div><script type="text/javascript"> $J( function()
                                                                                    2024-10-10 10:05:06 UTC171INData Raw: 09 3c 73 70 61 6e 3e 56 69 65 77 20 6d 6f 62 69 6c 65 20 77 65 62 73 69 74 65 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 0d 0a 09 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 63 6f 6e 74 65 6e 74 20 2d 2d 3e 0d 0a 0d 0a 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 66 72 61 6d 65 20 2d 2d 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e
                                                                                    Data Ascii: <span>View mobile website</span></div></div></div></div>... responsive_page_content --></div>... responsive_page_frame --></body></html>


                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                    1192.168.2.549707172.67.206.2044432412C:\Users\user\Desktop\file.exe
                                                                                    TimestampBytes transferredDirectionData
                                                                                    2024-10-10 10:05:06 UTC264OUTPOST /api HTTP/1.1
                                                                                    Connection: Keep-Alive
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                    Content-Length: 8
                                                                                    Host: sergei-esenin.com
                                                                                    2024-10-10 10:05:06 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                                                    Data Ascii: act=life
                                                                                    2024-10-10 10:05:07 UTC831INHTTP/1.1 200 OK
                                                                                    Date: Thu, 10 Oct 2024 10:05:06 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Set-Cookie: PHPSESSID=ttqm1bt2ahq09t5onkg70l480p; expires=Mon, 03 Feb 2025 03:51:45 GMT; Max-Age=9999999; path=/
                                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                                    Pragma: no-cache
                                                                                    cf-cache-status: DYNAMIC
                                                                                    vary: accept-encoding
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=my26rXf1qb2YRiilZLufaT4MX4JgL1%2BageIMnwzl9KkUOlaMKrhirYsv%2FapA3HPiOZrwRSNoN47egwok0qE21Bk%2B4T0pKv%2F0WOLhPX2Njc3cHZgNVGG40sUFZZgoKT%2B1n9hEVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8d05ca44b9d272a7-EWR
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    2024-10-10 10:05:07 UTC15INData Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a
                                                                                    Data Ascii: aerror #D12
                                                                                    2024-10-10 10:05:07 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Statistics

                                                                                    CPU Usage

                                                                                    Click to jump to process

                                                                                    Memory Usage

                                                                                    Click to jump to process

                                                                                    High Level Behavior Distribution

                                                                                    Click to dive into process behavior distribution

                                                                                    System Behavior

                                                                                    General

                                                                                    Target ID:0
                                                                                    Start time:06:05:01
                                                                                    Start date:10/10/2024
                                                                                    Path:C:\Users\user\Desktop\file.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                    Imagebase:0x700000
                                                                                    File size:1'900'032 bytes
                                                                                    MD5 hash:9CA76584366A4A0A5FC35324672F22AF
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:low
                                                                                    Has exited:true

                                                                                    Disassembly

                                                                                    Reset < >

                                                                                      Execution Graph

                                                                                      Execution Coverage:0.9%
                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                      Signature Coverage:71.4%
                                                                                      Total number of Nodes:42
                                                                                      Total number of Limit Nodes:4
                                                                                      execution_graph 21095 70d110 21099 70d119 21095->21099 21096 70d2ee ExitProcess 21097 70d2e9 21102 7456e0 FreeLibrary 21097->21102 21099->21096 21099->21097 21101 710b40 FreeLibrary 21099->21101 21101->21097 21102->21096 21108 7499d0 21110 7499f5 21108->21110 21109 749b0e 21111 749a5f 21110->21111 21114 745bb0 LdrInitializeThunk 21110->21114 21111->21109 21115 745bb0 LdrInitializeThunk 21111->21115 21114->21111 21115->21109 21116 70edb5 21119 70edd0 21116->21119 21120 70fca0 21119->21120 21123 70fcdc 21120->21123 21121 70ef70 21123->21121 21124 743220 21123->21124 21125 7432a2 RtlFreeHeap 21124->21125 21126 7432ac 21124->21126 21127 743236 21124->21127 21125->21126 21126->21121 21127->21125 21151 743202 RtlAllocateHeap 21152 73d9cb 21154 73d9fb 21152->21154 21153 73da65 21154->21153 21156 745bb0 LdrInitializeThunk 21154->21156 21156->21154 21128 71049b 21132 710227 21128->21132 21129 710455 21131 745700 2 API calls 21129->21131 21133 710308 21131->21133 21132->21129 21132->21133 21134 745700 21132->21134 21135 745797 21134->21135 21136 74571b 21134->21136 21138 74578c 21134->21138 21140 745729 21134->21140 21139 743220 RtlFreeHeap 21135->21139 21136->21135 21136->21138 21136->21140 21137 745776 RtlReAllocateHeap 21137->21138 21138->21129 21139->21138 21140->21137 21141 7464b8 21142 7463f2 21141->21142 21143 74646e 21142->21143 21145 745bb0 LdrInitializeThunk 21142->21145 21145->21143

                                                                                      Executed Functions

                                                                                      Function 0070FCA0 Relevance: 5.4, Strings: 4, Instructions: 373COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 25 70fca0-70fcda 26 70fd0b-70fe22 25->26 27 70fcdc-70fcdf 25->27 29 70fe24 26->29 30 70fe5b-70fe8c 26->30 28 70fce0-70fd09 call 712690 27->28 28->26 32 70fe30-70fe59 call 712760 29->32 33 70feb6-70fec5 call 710b50 30->33 34 70fe8e-70fe8f 30->34 32->30 39 70feca-70fecf 33->39 38 70fe90-70feb4 call 712700 34->38 38->33 42 70ffe4-70ffe6 39->42 43 70fed5-70fef8 39->43 47 7101b1-7101bb 42->47 45 70fefa 43->45 46 70ff2b-70ff2d 43->46 48 70ff00-70ff29 call 7127e0 45->48 49 70ff30-70ff3a 46->49 48->46 51 70ff41-70ff49 49->51 52 70ff3c-70ff3f 49->52 54 7101a2-7101ad call 743220 51->54 55 70ff4f-70ff76 51->55 52->49 52->51 54->47 57 70ff78 55->57 58 70ffab-70ffb5 55->58 62 70ff80-70ffa9 call 712840 57->62 59 70ffb7-70ffbb 58->59 60 70ffeb 58->60 63 70ffc7-70ffcb 59->63 64 70ffed-70ffef 60->64 62->58 66 70ffd1-70ffd8 63->66 67 71019a 63->67 64->67 68 70fff5-71002c 64->68 70 70ffda-70ffdc 66->70 71 70ffde 66->71 67->54 72 71005b-710065 68->72 73 71002e-71002f 68->73 70->71 76 70ffc0-70ffc5 71->76 77 70ffe0-70ffe2 71->77 74 7100a4 72->74 75 710067-71006f 72->75 78 710030-710059 call 7128a0 73->78 80 7100a6-7100a8 74->80 79 710087-71008b 75->79 76->63 76->64 77->76 78->72 79->67 82 710091-710098 79->82 80->67 83 7100ae-7100c5 80->83 85 71009a-71009c 82->85 86 71009e 82->86 87 7100c7 83->87 88 7100fb-710102 83->88 85->86 91 710080-710085 86->91 92 7100a0-7100a2 86->92 93 7100d0-7100f9 call 712900 87->93 89 710130-71013c 88->89 90 710104-71010d 88->90 95 7101c2-7101c7 89->95 94 710117-71011b 90->94 91->79 91->80 92->91 93->88 94->67 97 71011d-710124 94->97 95->54 99 710126-710128 97->99 100 71012a 97->100 99->100 101 710110-710115 100->101 102 71012c-71012e 100->102 101->94 103 710141-710143 101->103 102->101 103->67 104 710145-71015b 103->104 104->95 105 71015d-71015f 104->105 106 710163-710166 105->106 107 710168-710188 call 712030 106->107 108 7101bc 106->108 111 710192-710198 107->111 112 71018a-710190 107->112 108->95 111->95 112->106 112->111
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: J|BJ$V$VY^_$t
                                                                                      • API String ID: 0-3701112211
                                                                                      • Opcode ID: 12ee37716864218208c9f7a4c5f6c04dffbc1d9a68e349fa187e2eaaf65feab0
                                                                                      • Instruction ID: 99aa000d2280f56b4ded7690d636748c783ba792ac5ce258762d3f185ed3875e
                                                                                      • Opcode Fuzzy Hash: 12ee37716864218208c9f7a4c5f6c04dffbc1d9a68e349fa187e2eaaf65feab0
                                                                                      • Instruction Fuzzy Hash: 59D19C7450C3809BD320DF18C49469FBBE1AB96B44F14492CF4C98B292D379DD89EBD2
                                                                                      Function 0070D110 Relevance: 1.7, APIs: 1, Instructions: 168COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 149 70d110-70d11b call 744cc0 152 70d121-70d130 call 73c8d0 149->152 153 70d2ee-70d2f6 ExitProcess 149->153 157 70d136-70d15f 152->157 158 70d2e9 call 7456e0 152->158 162 70d161 157->162 163 70d196-70d1bf 157->163 158->153 164 70d170-70d194 call 70d300 162->164 165 70d1c1 163->165 166 70d1f6-70d20c 163->166 164->163 170 70d1d0-70d1f4 call 70d370 165->170 167 70d239-70d23b 166->167 168 70d20e-70d20f 166->168 172 70d286-70d2aa 167->172 173 70d23d-70d25a 167->173 171 70d210-70d237 call 70d3e0 168->171 170->166 171->167 178 70d2d6 call 70e8f0 172->178 179 70d2ac-70d2af 172->179 173->172 177 70d25c-70d25f 173->177 183 70d260-70d284 call 70d440 177->183 185 70d2db-70d2dd 178->185 184 70d2b0-70d2d4 call 70d490 179->184 183->172 184->178 185->158 188 70d2df-70d2e4 call 712f10 call 710b40 185->188 188->158
                                                                                      APIs
                                                                                      • ExitProcess.KERNEL32(00000000), ref: 0070D2F1
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID: ExitProcess
                                                                                      • String ID:
                                                                                      • API String ID: 621844428-0
                                                                                      • Opcode ID: 07beafabc7e3652d10db409cded5b8e1a3e6e9f8083ce1cda036e0ec7f894739
                                                                                      • Instruction ID: 2e243ea2a607194ed12c1114a15b56cbece9334fca65c611e3f6905fc7740d85
                                                                                      • Opcode Fuzzy Hash: 07beafabc7e3652d10db409cded5b8e1a3e6e9f8083ce1cda036e0ec7f894739
                                                                                      • Instruction Fuzzy Hash: DB41437450D380EBC321ABA8D588A2EFBF5AF56704F048E0CE5C497292C33ADC108B67
                                                                                      Function 00745700 Relevance: 1.6, APIs: 1, Instructions: 69memoryCOMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 194 745700-745714 195 745797-7457a5 call 743220 194->195 196 7457b0 194->196 197 7457b2 194->197 198 74578c-745795 call 7431a0 194->198 199 745729-74574a 194->199 200 74571b-745722 194->200 195->196 196->197 201 7457b4-7457b9 197->201 198->201 202 745776-74578a RtlReAllocateHeap 199->202 203 74574c-74574f 199->203 200->195 200->196 200->197 200->199 202->201 206 745750-745774 call 745b30 203->206 206->202
                                                                                      APIs
                                                                                      • RtlReAllocateHeap.NTDLL(?,00000000,?,?), ref: 00745784
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID: AllocateHeap
                                                                                      • String ID:
                                                                                      • API String ID: 1279760036-0
                                                                                      • Opcode ID: 9dcce2d07838e7bda584952ad0408053a90c1f3bd9f1b82070db6c7cf1d82a67
                                                                                      • Instruction ID: ddb53a7f0bdeff558562ee060fd6969b06c938ee4ba1b1e36e954b9e5a6ad27f
                                                                                      • Opcode Fuzzy Hash: 9dcce2d07838e7bda584952ad0408053a90c1f3bd9f1b82070db6c7cf1d82a67
                                                                                      • Instruction Fuzzy Hash: 8711A07191C240EBC302AF28E844A1BBBF5EF96711F05882CE4C49B222D339D810CB97
                                                                                      Function 00745BB0 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 221 745bb0-745be2 LdrInitializeThunk
                                                                                      APIs
                                                                                      • LdrInitializeThunk.NTDLL(0074973D,005C003F,00000006,?,?,00000018,8C8D8A8B,?,?), ref: 00745BDE
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                                                      • Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
                                                                                      • Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                                                      • Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82
                                                                                      Function 0074695B Relevance: 1.4, Strings: 1, Instructions: 100COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 250 74695b-74696b call 744a20 253 746981-746a02 250->253 254 74696d 250->254 256 746a04 253->256 257 746a36-746a42 253->257 255 746970-74697f 254->255 255->253 255->255 258 746a10-746a34 call 7473e0 256->258 259 746a44-746a4f 257->259 260 746a85-746a9f 257->260 258->257 262 746a50-746a57 259->262 264 746a60-746a66 262->264 265 746a59-746a5c 262->265 264->260 266 746a68-746a7d call 745bb0 264->266 265->262 267 746a5e 265->267 269 746a82 266->269 267->260 269->260
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @
                                                                                      • API String ID: 0-2766056989
                                                                                      • Opcode ID: b6e508aa2e463f15c220b45342fbe2c6ec14b5c3667ebcf41e28b06da5fdd1ce
                                                                                      • Instruction ID: 61970f517c1ce08a2ee79521fc8dba82d8f1fba23d291dbe2453ce7db7e87a36
                                                                                      • Opcode Fuzzy Hash: b6e508aa2e463f15c220b45342fbe2c6ec14b5c3667ebcf41e28b06da5fdd1ce
                                                                                      • Instruction Fuzzy Hash: 1C31A8B16183019FD718DF14C8A072AB7F1FF8A345F08881CE5C6A72A1E7799904CB56
                                                                                      Function 0071049B Relevance: .3, Instructions: 264COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 270 71049b-710515 call 70c9f0 274 710311-710332 270->274 275 710370-71037e 270->275 276 7103d0-7103d7 270->276 277 710393-710397 270->277 278 710472-710477 270->278 279 710417-710430 270->279 280 710356 270->280 281 710339-71034f 270->281 282 71045b-710469 call 745700 270->282 283 7103fb-710414 270->283 284 71051c-71051e 270->284 285 71035f-710367 270->285 286 7103be 270->286 287 7103de-7103e3 270->287 288 710440-710458 call 745700 270->288 289 710480 270->289 290 710242-710244 270->290 291 710482-710484 270->291 292 710227-71023b 270->292 293 710246-710260 270->293 294 710386-71038c 270->294 295 710308-71030c 270->295 296 7103ec-7103f4 270->296 274->275 274->276 274->277 274->278 274->279 274->280 274->281 274->282 274->283 274->285 274->286 274->287 274->288 274->289 274->291 274->294 274->296 275->294 276->277 276->278 276->279 276->283 276->287 276->289 276->291 276->294 276->296 304 7103a0-7103b7 277->304 278->289 279->288 280->285 281->275 281->276 281->277 281->278 281->279 281->280 281->282 281->283 281->285 281->286 281->287 281->288 281->289 281->291 281->294 281->296 282->278 283->279 300 710520-710b30 284->300 285->275 286->276 287->296 288->282 297 710296-7102bd 290->297 302 71048d-710496 291->302 292->274 292->275 292->276 292->277 292->278 292->279 292->280 292->281 292->282 292->283 292->285 292->286 292->287 292->288 292->289 292->290 292->291 292->293 292->294 292->295 292->296 298 710262 293->298 299 710294 293->299 294->277 294->278 294->289 294->291 295->302 296->277 296->278 296->283 296->289 296->291 306 7102ea-710301 297->306 307 7102bf 297->307 305 710270-710292 call 712eb0 298->305 299->297 302->300 304->276 304->277 304->278 304->279 304->282 304->283 304->286 304->287 304->288 304->289 304->291 304->294 304->296 305->299 306->274 306->275 306->276 306->277 306->278 306->279 306->280 306->281 306->282 306->283 306->285 306->286 306->287 306->288 306->289 306->291 306->294 306->295 306->296 316 7102c0-7102e8 call 712e70 307->316 316->306
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: eafb7468fb24abf7471af7a84476cae1d5e37d765eca2b273062770aede802f6
                                                                                      • Instruction ID: 94acd728c91280873c0e8dde37994b3eb00bbd71371c5e63cbe7480f3841c245
                                                                                      • Opcode Fuzzy Hash: eafb7468fb24abf7471af7a84476cae1d5e37d765eca2b273062770aede802f6
                                                                                      • Instruction Fuzzy Hash: 0291AD75200B00CFD724CF25D894A27B7F6FF8A314B118A6DE8568BAA1D778F855CB90
                                                                                      Function 00710228 Relevance: .2, Instructions: 218COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 324 710228-71023b 325 710311-710332 324->325 326 710370-71037e 324->326 327 7103d0-7103d7 324->327 328 710393-710397 324->328 329 710472-710477 324->329 330 710417-710430 324->330 331 710356 324->331 332 710339-71034f 324->332 333 71045b-710469 call 745700 324->333 334 7103fb-710414 324->334 335 71035f-710367 324->335 336 7103be 324->336 337 7103de-7103e3 324->337 338 710440-710458 call 745700 324->338 339 710480 324->339 340 710242-710244 324->340 341 710482-710484 324->341 342 710246-710260 324->342 343 710386-71038c 324->343 344 710308-71030c 324->344 345 7103ec-7103f4 324->345 325->326 325->327 325->328 325->329 325->330 325->331 325->332 325->333 325->334 325->335 325->336 325->337 325->338 325->339 325->341 325->343 325->345 326->343 327->328 327->329 327->330 327->334 327->337 327->339 327->341 327->343 327->345 352 7103a0-7103b7 328->352 329->339 330->338 331->335 332->326 332->327 332->328 332->329 332->330 332->331 332->333 332->334 332->335 332->336 332->337 332->338 332->339 332->341 332->343 332->345 333->329 334->330 335->326 336->327 337->345 338->333 346 710296-7102bd 340->346 350 71048d-710b30 341->350 347 710262 342->347 348 710294 342->348 343->328 343->329 343->339 343->341 344->350 345->328 345->329 345->334 345->339 345->341 354 7102ea-710301 346->354 355 7102bf 346->355 353 710270-710292 call 712eb0 347->353 348->346 352->327 352->328 352->329 352->330 352->333 352->334 352->336 352->337 352->338 352->339 352->341 352->343 352->345 353->348 354->325 354->326 354->327 354->328 354->329 354->330 354->331 354->332 354->333 354->334 354->335 354->336 354->337 354->338 354->339 354->341 354->343 354->344 354->345 363 7102c0-7102e8 call 712e70 355->363 363->354
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 48a7d985b251b18f7c5e02adb1dd223a004ce4841b518c852e08c18d8bea48e6
                                                                                      • Instruction ID: 77285f10371cd831dda1cbd298463a0c057a479d319e3ceb52f47fcabd92d53b
                                                                                      • Opcode Fuzzy Hash: 48a7d985b251b18f7c5e02adb1dd223a004ce4841b518c852e08c18d8bea48e6
                                                                                      • Instruction Fuzzy Hash: C6719A38200700DFD7248F24EC94B26B7F6FF8A305F10C969E8568B6A2D779E855CB64
                                                                                      Function 007499D0 Relevance: .1, Instructions: 143COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d6225afb45e691c54ae3f5096eeec5d3e3a45ff919063b44b764adce3c8ff73e
                                                                                      • Instruction ID: 7d2f31fca308b8de484cf536e81ddf6b9f1bcf26353f6483eddd86adea1aa68e
                                                                                      • Opcode Fuzzy Hash: d6225afb45e691c54ae3f5096eeec5d3e3a45ff919063b44b764adce3c8ff73e
                                                                                      • Instruction Fuzzy Hash: A441CE74248300ABD714DF15E894B2BF7E6EB89714F14C82CF68A97252D339EC01CB66
                                                                                      Function 007463B8 Relevance: .1, Instructions: 99COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: fc6f878f7e2171ad690a789d7b32f8ce6eb4bd8df5ca2e9e389518f0e97ff0fe
                                                                                      • Instruction ID: 45e981f4f2d196e239a93989d71776b33e98d9335d9eba33ba74f89711ffa952
                                                                                      • Opcode Fuzzy Hash: fc6f878f7e2171ad690a789d7b32f8ce6eb4bd8df5ca2e9e389518f0e97ff0fe
                                                                                      • Instruction Fuzzy Hash: 1B31E670649341BBDA24DB08CD81F3AB7A5FB86B55F64890CF181572E1D378B811CB56
                                                                                      Function 00710EEC Relevance: .1, Instructions: 72COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 768d58a9b2a1e736956ab2585164fc7b5b878fc7d0a22ea639404d65dbc35273
                                                                                      • Instruction ID: 0eafe63360c82b13615d7ef45b8e5f15060129e2badcf7923f10812a23c2e558
                                                                                      • Opcode Fuzzy Hash: 768d58a9b2a1e736956ab2585164fc7b5b878fc7d0a22ea639404d65dbc35273
                                                                                      • Instruction Fuzzy Hash: 9A213CB490021ADFDB15CF94CC91BBEBBB5FF46304F144809E811BB292C775A951CBA4
                                                                                      Function 00743220 Relevance: 1.6, APIs: 1, Instructions: 59memoryCOMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 211 743220-74322f 212 743236-743252 211->212 213 7432a0 211->213 214 7432a2-7432a6 RtlFreeHeap 211->214 215 7432ac-7432b0 211->215 216 743254 212->216 217 743286-743296 212->217 213->214 214->215 218 743260-743284 call 745af0 216->218 217->213 218->217
                                                                                      APIs
                                                                                      • RtlFreeHeap.NTDLL(?,00000000), ref: 007432A6
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID: FreeHeap
                                                                                      • String ID:
                                                                                      • API String ID: 3298025750-0
                                                                                      • Opcode ID: 9a0d8d8b1b95583a0fc673e8f4251ca8134e63ec67e5fb3b9957abd4dfcf5bce
                                                                                      • Instruction ID: ec9af21384d8613dedb55898985dbed2bc99f5ed545bb50b43707e5ed0164211
                                                                                      • Opcode Fuzzy Hash: 9a0d8d8b1b95583a0fc673e8f4251ca8134e63ec67e5fb3b9957abd4dfcf5bce
                                                                                      • Instruction Fuzzy Hash: F7014B3490D3409BD711AB18E849A1ABBE8EF4A701F058D1CE5C98B361D379DD60CB96
                                                                                      Function 00743202 Relevance: 1.5, APIs: 1, Instructions: 6memoryCOMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 222 743202-743211 RtlAllocateHeap
                                                                                      APIs
                                                                                      • RtlAllocateHeap.NTDLL(?,00000000), ref: 00743208
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID: AllocateHeap
                                                                                      • String ID:
                                                                                      • API String ID: 1279760036-0
                                                                                      • Opcode ID: b372c8edb3e907a24454ad9c5749de3e6efb02d292695dd2d2304a2cb38a489e
                                                                                      • Instruction ID: e9485163e68e6272cdd7f460cbb1fb33ac2a537e1062507f006f4201afd70cb8
                                                                                      • Opcode Fuzzy Hash: b372c8edb3e907a24454ad9c5749de3e6efb02d292695dd2d2304a2cb38a489e
                                                                                      • Instruction Fuzzy Hash: 98B012300401005FDA241B00EC0AF003510EB00706F800050A100040B1D1E55C64C559

                                                                                      Non-executed Functions

                                                                                      Function 0071DB6F Relevance: 32.0, Strings: 24, Instructions: 2006COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID: %*+($()./$89&'$89>?$:WUE$<=2$<=:;$@ONM$AR$D$DCBA$LKJI$QNOL$T$WP$`Y^_$`onm$dcba$lkji$mjkh$tsrq$tuJK$xgfe$|
                                                                                      • API String ID: 2994545307-1418943773
                                                                                      • Opcode ID: 0df79ef616216985a4ff9d2da37139d6f902e996523a3dfc0b74d1497560ad12
                                                                                      • Instruction ID: 2601f2f28381b2096deadcd0f8b134b13262dfcecc47c575f4e1b1850ffd025a
                                                                                      • Opcode Fuzzy Hash: 0df79ef616216985a4ff9d2da37139d6f902e996523a3dfc0b74d1497560ad12
                                                                                      • Instruction Fuzzy Hash: 7CF27AB05093819BD770CF18C894BEBBBE6BFD5304F14482CE8C987292D7799985CB92
                                                                                      Function 007323E0 Relevance: 31.3, APIs: 4, Strings: 12, Instructions: 3298COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: %*+($3<$:$Cx$`tii$aenQ$f@~!$fedc$ggxz$mlc@${l`~$|}&C
                                                                                      • API String ID: 0-786070067
                                                                                      • Opcode ID: f375cb7f1def35ab01f2ee5e89969afb75aa27048789739ce41cfd4aa3b4d5f5
                                                                                      • Instruction ID: 12f32fb4b730b4007f472432ae098217d826c49874b792a68594b19ab66a0753
                                                                                      • Opcode Fuzzy Hash: f375cb7f1def35ab01f2ee5e89969afb75aa27048789739ce41cfd4aa3b4d5f5
                                                                                      • Instruction Fuzzy Hash: 24338B70504B81CBE7258F38C590762BBE1BF16304F58899DE4DA9BA93C739F906CB61
                                                                                      Function 00729F62 Relevance: 21.7, Strings: 17, Instructions: 473COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: %e6g$(a*c$=]$?m,o$CG$Gt$JG$N[$WH$]{$hi$kW$/)$S]$WQ$_Y$sm
                                                                                      • API String ID: 0-1131134755
                                                                                      • Opcode ID: 999080e815c7d43f3adadbae36d2d0be222dc3d7b0cbe1d65922bef11946112c
                                                                                      • Instruction ID: d7855096a5427bbd206294ca33c2e922ea49b13f055b57731ee1ce203a0cc59a
                                                                                      • Opcode Fuzzy Hash: 999080e815c7d43f3adadbae36d2d0be222dc3d7b0cbe1d65922bef11946112c
                                                                                      • Instruction Fuzzy Hash: 2952C6B404D385CAE270CF25D581B8EBAF1BB92740F608A1DE1ED9B255DBB48045CF93
                                                                                      Function 00729510 Relevance: 20.4, Strings: 16, Instructions: 427COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: !E4G$,A&C$2A"_$8;$;IJK$?M0K$B7U1$B?Q9$G'M!$G+X5$L3Y=$O+f)$T#a-$X/R)$pq$z=Q?
                                                                                      • API String ID: 0-655414846
                                                                                      • Opcode ID: a73a25e4f8786b8e14792aa7c1e5334bcf2b85e9a13e185e632944090c685954
                                                                                      • Instruction ID: c9d515c0170eae1fb1a01f805e8f9443fc805221c95ae9d00882c71b2490699a
                                                                                      • Opcode Fuzzy Hash: a73a25e4f8786b8e14792aa7c1e5334bcf2b85e9a13e185e632944090c685954
                                                                                      • Instruction Fuzzy Hash: 50F12FB4508380ABD310DF15E881A2BBBF4FB86B45F584E1CF5D59B252D378D908CBA6
                                                                                      Function 0072DD29 Relevance: 18.6, Strings: 14, Instructions: 1142COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: r$%*+($)IgK$,Q?S$-M2O$<Y.[$=]+_$Y9N;$hX]N$n\+H$rr$upH}${E$r
                                                                                      • API String ID: 0-591219886
                                                                                      • Opcode ID: 6ba581b30ddb809ad46b76a23d1eb7a5735680de7120e42e9a6da28acd8111b4
                                                                                      • Instruction ID: 17735950bd530296692fce8a2502bddd54d3757b9f7c49da546745cc9b220035
                                                                                      • Opcode Fuzzy Hash: 6ba581b30ddb809ad46b76a23d1eb7a5735680de7120e42e9a6da28acd8111b4
                                                                                      • Instruction Fuzzy Hash: F892F5B1E00215CFDB14CF68D8517AEBBB2FF49311F298268E456AB391D779AD01CB90
                                                                                      Function 0072098B Relevance: 10.8, Strings: 8, Instructions: 836COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: %*+($&> &$,#15$9.5^$cah`$gce/$qrqp${
                                                                                      • API String ID: 0-4102007303
                                                                                      • Opcode ID: f8c0d1dd69b1150643a32783b88c5c5f1e4b84152c769a6799ed8cfce0b95b1d
                                                                                      • Instruction ID: a26156788cf393eca72d867732fe58eb20ad5f83d75e132cfd516d38a7c31ee4
                                                                                      • Opcode Fuzzy Hash: f8c0d1dd69b1150643a32783b88c5c5f1e4b84152c769a6799ed8cfce0b95b1d
                                                                                      • Instruction Fuzzy Hash: 39629DB1608391CBD730DF14D895B9BB7E1FF96314F04492DE49A8B682E3799940CB93
                                                                                      Function 00701000 Relevance: 10.5, Strings: 7, Instructions: 1785COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$@$gfff$gfff$gfff
                                                                                      • API String ID: 0-2517803157
                                                                                      • Opcode ID: 26ef63e75cfa35ea59abcff98dbf4f124969a32f71979f2a70e7d9034abdc74e
                                                                                      • Instruction ID: 98f1e3b2aea0a774481054d94fa355415e7aed96f9302896f8ed8ec775e586a2
                                                                                      • Opcode Fuzzy Hash: 26ef63e75cfa35ea59abcff98dbf4f124969a32f71979f2a70e7d9034abdc74e
                                                                                      • Instruction Fuzzy Hash: 62D2C472608351CFD718CE28C49436ABBE2AFD9314F18872DE595873D2D778D946CB82
                                                                                      Function 008DCC46 Relevance: 9.2, Strings: 6, Instructions: 1690COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 'oS$@ao$Z6~J$u7=Y$z5~$|~7}
                                                                                      • API String ID: 0-3999221045
                                                                                      • Opcode ID: c094b666d835173613862695c84c8e8ee45872eab56923eb82d475c630101985
                                                                                      • Instruction ID: 9f91a6b0123cdeb8b62272b78a533ed7cdf350c7f85fb0c33373716033eeadff
                                                                                      • Opcode Fuzzy Hash: c094b666d835173613862695c84c8e8ee45872eab56923eb82d475c630101985
                                                                                      • Instruction Fuzzy Hash: C7B24BF3A0C214AFE3086E2DEC8567ABBE9EFD4320F1A453DE6C5C7744E93558018696
                                                                                      Function 008E546C Relevance: 9.1, Strings: 6, Instructions: 1649COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 2a?~$7g~t$KjGz$V"V$?'$_
                                                                                      • API String ID: 0-685647293
                                                                                      • Opcode ID: 92cd207d13453f3dfe1f9006a4973216b6fa6ed601b2c9e8816eb6fbb6e1d4af
                                                                                      • Instruction ID: cda5f54688b6f757e72eec161b257e2b95041b5927558a9a809b5d23e3a6e985
                                                                                      • Opcode Fuzzy Hash: 92cd207d13453f3dfe1f9006a4973216b6fa6ed601b2c9e8816eb6fbb6e1d4af
                                                                                      • Instruction Fuzzy Hash: 95B218F360C614AFE304AE29EC8567AFBE9EF94760F16493DEAC4C3740E63558018796
                                                                                      Function 008D9670 Relevance: 9.1, Strings: 6, Instructions: 1552COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: ,j~$ 6q$$n}$%r+g$@cW$5M>
                                                                                      • API String ID: 0-2846191062
                                                                                      • Opcode ID: c1cbdc019e24d7762332d8442e7e622dbefee40237b96332cebad5e5019a9c63
                                                                                      • Instruction ID: 3a7cc020b225da9290842eb1d41ee8d1ce35ca6aae337ed202454040bd967e0d
                                                                                      • Opcode Fuzzy Hash: c1cbdc019e24d7762332d8442e7e622dbefee40237b96332cebad5e5019a9c63
                                                                                      • Instruction Fuzzy Hash: AFB2E1F390C204AFD3046E2DEC8567ABBE9EF58720F1A493DE6C4D3740EA3599448697
                                                                                      Function 008DB105 Relevance: 7.9, Strings: 5, Instructions: 1657COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: it$2%lk$\i7$pm]M$rVg
                                                                                      • API String ID: 0-3648860971
                                                                                      • Opcode ID: 5536af9ed097f75d78f222f0dfd63cf9103c9a05a4b0a9b860f1752462a1a987
                                                                                      • Instruction ID: da5a099780b41dff2b367b8e77d48574db053e433023c2db94adb296bab89f95
                                                                                      • Opcode Fuzzy Hash: 5536af9ed097f75d78f222f0dfd63cf9103c9a05a4b0a9b860f1752462a1a987
                                                                                      • Instruction Fuzzy Hash: 44B26AF3A0C2009FE308AE2DEC8577ABBE9EF94320F1A853DE6C5C7744E57558058696
                                                                                      Function 007012F7 Relevance: 7.2, Strings: 5, Instructions: 922COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 0$0$0$@$i
                                                                                      • API String ID: 0-3124195287
                                                                                      • Opcode ID: fa9cfe9f9a08c0d9d8c25dacb40fb1640eb8bc4faaca0f286d64729eb69b3feb
                                                                                      • Instruction ID: 6ffb97ac94cea191577fa3a5bf42cf37761899763d6e2e1056ece21aab63a9d6
                                                                                      • Opcode Fuzzy Hash: fa9cfe9f9a08c0d9d8c25dacb40fb1640eb8bc4faaca0f286d64729eb69b3feb
                                                                                      • Instruction Fuzzy Hash: C162B37260C381CBD319CF28C49476ABBE1AFD5304F188A5DE8D9872D2D778D94ACB42
                                                                                      Function 0070164F Relevance: 6.7, Strings: 5, Instructions: 472COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: +$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
                                                                                      • API String ID: 0-1123320326
                                                                                      • Opcode ID: 54f00ae5212635cef4343bf9f4793a09ac8b1ace224a5c04a676659c52be0cd7
                                                                                      • Instruction ID: a5d7f01737f64bb6ede7ebbebc46c1257a312d95495ddb50537c9da6d8962177
                                                                                      • Opcode Fuzzy Hash: 54f00ae5212635cef4343bf9f4793a09ac8b1ace224a5c04a676659c52be0cd7
                                                                                      • Instruction Fuzzy Hash: 8CF1907160C381CFC715CE28C48426AFBE2AFD9304F588A6DE4D987392D778D949CB92
                                                                                      Function 007013A3 Relevance: 6.6, Strings: 5, Instructions: 390COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
                                                                                      • API String ID: 0-3620105454
                                                                                      • Opcode ID: 57ca7003dd3c99ffe1ccab055d745aa33acef632030c683c00c5001731b1a281
                                                                                      • Instruction ID: b0d67de0e0bde1d36e4cd25c07da92e91eb08214230c8241288371255e40de0d
                                                                                      • Opcode Fuzzy Hash: 57ca7003dd3c99ffe1ccab055d745aa33acef632030c683c00c5001731b1a281
                                                                                      • Instruction Fuzzy Hash: 6BD1907160C7818FC715CE29C48426AFBE2AFD9304F08CA6EE4D987396D638D949CB52
                                                                                      Function 008E8B1C Relevance: 6.6, Strings: 4, Instructions: 1610COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 31g~$??y}$j-7g${e_
                                                                                      • API String ID: 0-3925797980
                                                                                      • Opcode ID: 2616bb21c6bae8ff005fc84ec0b7a042da6506a97e73a09b8fddfa08c6cf0833
                                                                                      • Instruction ID: ba036c4818c69553f4e2597812e25c3bf73273551a686cd05ab31288a2c604ce
                                                                                      • Opcode Fuzzy Hash: 2616bb21c6bae8ff005fc84ec0b7a042da6506a97e73a09b8fddfa08c6cf0833
                                                                                      • Instruction Fuzzy Hash: 1BB2E5F36082049FE304AF29EC8567AB7E9EF94720F1A893DEAC4C3744E63558458797
                                                                                      Function 008E0954 Relevance: 6.0, Strings: 4, Instructions: 1017COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: )o}$ ,o$7\ww$m<?{
                                                                                      • API String ID: 0-792593289
                                                                                      • Opcode ID: 8416455764c5d9083d761b8c0132ad04d0d1484a0b7ace9626d7e85df35362db
                                                                                      • Instruction ID: 656799d6dc5595d9dc214c2f8dc62a72ede8dabd659f4ecb60d31228808d159f
                                                                                      • Opcode Fuzzy Hash: 8416455764c5d9083d761b8c0132ad04d0d1484a0b7ace9626d7e85df35362db
                                                                                      • Instruction Fuzzy Hash: 096207F3A0C210AFE3086E2DEC456BABBE5EF94360F1A453DEAC5D3744E67558008697
                                                                                      Function 0072FD10 Relevance: 5.7, Strings: 4, Instructions: 667COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: :$NA_I$m1s3$uvw
                                                                                      • API String ID: 0-3973114637
                                                                                      • Opcode ID: fcd367200d9692415b212cf31874452ab03ce8dd7dc4103ef778c86685569f38
                                                                                      • Instruction ID: 08d2296038fb8293cdd0d538c94d615a1726e9def6e0c8ebd21983aacc63d43a
                                                                                      • Opcode Fuzzy Hash: fcd367200d9692415b212cf31874452ab03ce8dd7dc4103ef778c86685569f38
                                                                                      • Instruction Fuzzy Hash: 5F32ACB0508380DFE311DF28D890B2BBBE5AB89301F548A6CF5D58B292D379D915CF96
                                                                                      Function 00713BE2 Relevance: 5.4, Strings: 4, Instructions: 431COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: %*+($;z$p$ss
                                                                                      • API String ID: 0-2391135358
                                                                                      • Opcode ID: 93ac2da7c37ada2ce24d529478a50e56435bf4c79656489a5a5e52b72192c4fb
                                                                                      • Instruction ID: bf114424b3eac6f4b9062ffd34e398a4646f76dadea0ff3ae47cbb7a4331b00a
                                                                                      • Opcode Fuzzy Hash: 93ac2da7c37ada2ce24d529478a50e56435bf4c79656489a5a5e52b72192c4fb
                                                                                      • Instruction Fuzzy Hash: 04027EB4810B00DFD760DF28D986756BFF4FB06300F50895DE89A8B686E335E459CBA2
                                                                                      Function 00722260 Relevance: 5.4, Strings: 4, Instructions: 383COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: a|$hu$lc$sj
                                                                                      • API String ID: 0-3748788050
                                                                                      • Opcode ID: cfeec438c2f2b5615f5d3c9002303b45abc50c906a5755c85ad3c4e7e1956f00
                                                                                      • Instruction ID: 8b7873651754488d56507d3cc36e1d770f19ae5736b498701dc454c776535a4c
                                                                                      • Opcode Fuzzy Hash: cfeec438c2f2b5615f5d3c9002303b45abc50c906a5755c85ad3c4e7e1956f00
                                                                                      • Instruction Fuzzy Hash: 2FA1AD70408350DBC720DF18D891A2BB7F0FF95354F148A0CE8D59B2A2E339D952CB96
                                                                                      Function 0072D7AF Relevance: 5.2, Strings: 4, Instructions: 213COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: #'$CV$KV$T>
                                                                                      • API String ID: 0-95592268
                                                                                      • Opcode ID: 2b2d696deb4abbf9fbd9350b9c2b5fb717077104eaeaf4c531bfc691ad43ff6f
                                                                                      • Instruction ID: 983570945afcf1b3c91782bc9bb1c1a590a77e69badfd7b98d21f171f6632f9e
                                                                                      • Opcode Fuzzy Hash: 2b2d696deb4abbf9fbd9350b9c2b5fb717077104eaeaf4c531bfc691ad43ff6f
                                                                                      • Instruction Fuzzy Hash: FF8165B48017459FDB20DFA5D28516EBFB1FF16300F604A0CE4866BA56D334AA55CFE2
                                                                                      Function 0072AC91 Relevance: 5.1, Strings: 4, Instructions: 128COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (g6e$,{*y$4c2a$lk
                                                                                      • API String ID: 0-1327526056
                                                                                      • Opcode ID: 1d6866f51548b4c0c60f3e7518370b1e64a75ae6c3e87fcf137c36a569d805fb
                                                                                      • Instruction ID: a5f787963438c212ae1050d1200f6fe55a57511cad5800b5aafb633778ab2ad4
                                                                                      • Opcode Fuzzy Hash: 1d6866f51548b4c0c60f3e7518370b1e64a75ae6c3e87fcf137c36a569d805fb
                                                                                      • Instruction Fuzzy Hash: 6141BA74408381DBD7208F20D900BABB7F0FF86306F54995DE5C897250DB79D944CB96
                                                                                      Function 0072C470 Relevance: 4.2, Strings: 3, Instructions: 419COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: %*+($%*+($~/i!
                                                                                      • API String ID: 0-4033100838
                                                                                      • Opcode ID: 77cef961f128ab51c46049c1a1ab0e295b8b288b20f7366e6ab282b0b7a3b821
                                                                                      • Instruction ID: 1cea4fbf32d73b9c094b17fa4af23f4b9548293fc76140ee1f4921134bf2f0ea
                                                                                      • Opcode Fuzzy Hash: 77cef961f128ab51c46049c1a1ab0e295b8b288b20f7366e6ab282b0b7a3b821
                                                                                      • Instruction Fuzzy Hash: 18E187B5518340DFE3209F24E885B5EBBF5FB95341F48882CE6C987252DB79D814CB92
                                                                                      Function 00708590 Relevance: 4.1, Strings: 3, Instructions: 387COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: )$)$IEND
                                                                                      • API String ID: 0-588110143
                                                                                      • Opcode ID: cfc9f078a0936531ea1671362003a4542aa2972224615a28f66545c3ebdbdb24
                                                                                      • Instruction ID: d5c3385dfe6fa7d94e23d204073c39751a07c3043da47d674c3125a53c197fd9
                                                                                      • Opcode Fuzzy Hash: cfc9f078a0936531ea1671362003a4542aa2972224615a28f66545c3ebdbdb24
                                                                                      • Instruction Fuzzy Hash: FFE18DB1A08701DFE350DF28C88572ABBE0BB94314F148A2DE595973C2DB79E915CB93
                                                                                      Function 008E410E Relevance: 3.5, Strings: 2, Instructions: 981COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: *`?k$%v?
                                                                                      • API String ID: 0-4071627581
                                                                                      • Opcode ID: ef0a5d1ea39796fff83a440f1ca5964a7f9ef9283eccfa1388f90e1a0e4c10f9
                                                                                      • Instruction ID: 9c357f63324281cc4901896dc3c896924caf4b341fa7b2e8976d444a8d4deb1d
                                                                                      • Opcode Fuzzy Hash: ef0a5d1ea39796fff83a440f1ca5964a7f9ef9283eccfa1388f90e1a0e4c10f9
                                                                                      • Instruction Fuzzy Hash: F26213F3A082009FD7046E2DEC8567AFBE9EF94720F1A493DE6C5C3744EA3598058792
                                                                                      Function 00744040 Relevance: 3.1, Strings: 2, Instructions: 577COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: %*+($f
                                                                                      • API String ID: 0-2038831151
                                                                                      • Opcode ID: bf21246a4b1875d57f0ec2724215ff6ee868a40518e0cfa78a5e85c971cc8653
                                                                                      • Instruction ID: 74a7f1b5d585a695f122e9eb526342d3e8b4577fb7f64a3bee3696912292f2c0
                                                                                      • Opcode Fuzzy Hash: bf21246a4b1875d57f0ec2724215ff6ee868a40518e0cfa78a5e85c971cc8653
                                                                                      • Instruction Fuzzy Hash: FE12BA716083809FC715CF18C890B2EBBE2FBC9314F188A2CF5959B291D779E945DB92
                                                                                      Function 0073F620 Relevance: 3.0, Strings: 2, Instructions: 461COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: dg$hi
                                                                                      • API String ID: 0-2859417413
                                                                                      • Opcode ID: 5fd8c324cb7ed6fce08d2c523eddb32f0d7fd48c5d966cd6c914d3ca2ae4619c
                                                                                      • Instruction ID: 56614f9df31cbc0248ea8aba7341b22a97997b5c58af00d115599eb40825659d
                                                                                      • Opcode Fuzzy Hash: 5fd8c324cb7ed6fce08d2c523eddb32f0d7fd48c5d966cd6c914d3ca2ae4619c
                                                                                      • Instruction Fuzzy Hash: 75F1A671A18341EFE704CF24D891B6ABBF5FB86345F14892CF0858B2A2D739E945CB16
                                                                                      Function 007035B0 Relevance: 2.9, Strings: 2, Instructions: 411COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Inf$NaN
                                                                                      • API String ID: 0-3500518849
                                                                                      • Opcode ID: bb6cc34c9719680a76a5d667cf671ed060aa36c6b3520cbb0c6732b28813994d
                                                                                      • Instruction ID: 8fe0651802f6a187310b374c5fc825229f68a0da15ab70623410d9a3b01fc563
                                                                                      • Opcode Fuzzy Hash: bb6cc34c9719680a76a5d667cf671ed060aa36c6b3520cbb0c6732b28813994d
                                                                                      • Instruction Fuzzy Hash: D3D1B4B1B18311DBC714CF29C88061AB7E5EBC8750F158A2DF999973E0E779DD058B82
                                                                                      Function 0071FFDF Relevance: 2.7, Strings: 2, Instructions: 185COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: BaBc$Ye[g
                                                                                      • API String ID: 0-286865133
                                                                                      • Opcode ID: 3b4c09b99b38aaf96a6f21e45bdc69034df80c8fd435992314e6135ca0797e29
                                                                                      • Instruction ID: 443466263f3f7c7303b71e2422562b05cfc422e3a78d459e9ce20769b4c7e14e
                                                                                      • Opcode Fuzzy Hash: 3b4c09b99b38aaf96a6f21e45bdc69034df80c8fd435992314e6135ca0797e29
                                                                                      • Instruction Fuzzy Hash: E051BEB16083958BD331CF14D885BABB7E0FF96320F08491DE4998B652F3789940CBA7
                                                                                      Function 007F6408 Relevance: 2.6, Strings: 2, Instructions: 127COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: v{$v{
                                                                                      • API String ID: 0-659727373
                                                                                      • Opcode ID: 6bfd3dc03266295a5246eae6f8c82ad28301f1b96026df5d78e6afd106a940cd
                                                                                      • Instruction ID: 60b29536e41fc375f149d72b36e07831208a7482dd4b947d9b8bd6b294dcfd41
                                                                                      • Opcode Fuzzy Hash: 6bfd3dc03266295a5246eae6f8c82ad28301f1b96026df5d78e6afd106a940cd
                                                                                      • Instruction Fuzzy Hash: 8C316DF3E082009BE318A92DDC4172BB7D6DFD4720F29863DEB9983784ED351C158586
                                                                                      Function 00705160 Relevance: 1.8, Strings: 1, Instructions: 577COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: %1.17g
                                                                                      • API String ID: 0-1551345525
                                                                                      • Opcode ID: b9acdff6a1429fc7441600b426c1c7d3d7c5ae7297060ee2c378e474c416dae5
                                                                                      • Instruction ID: d565ae7e186def1bc2fea358a54a9275b5a2ab7c57838c8f4ef73343da7a051c
                                                                                      • Opcode Fuzzy Hash: b9acdff6a1429fc7441600b426c1c7d3d7c5ae7297060ee2c378e474c416dae5
                                                                                      • Instruction Fuzzy Hash: F422AFB6A08B42CBE7158E18D840327BBE2AFE0318F19876DD8594B3D1E7B9DC44DB41
                                                                                      Function 007312D0 Relevance: 1.7, Strings: 1, Instructions: 484COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: "
                                                                                      • API String ID: 0-123907689
                                                                                      • Opcode ID: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
                                                                                      • Instruction ID: 390a8203b9a62f7fdebe2348e4cf39cbad633e81a2117f8f349e3b0255656d34
                                                                                      • Opcode Fuzzy Hash: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
                                                                                      • Instruction Fuzzy Hash: 7BF12471A083518FE724CF28C49166BBBE5ABC5350F5CC96DE89A87383DA38DD058792
                                                                                      Function 0072AE57 Relevance: 1.7, Strings: 1, Instructions: 455COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: %*+(
                                                                                      • API String ID: 0-3233224373
                                                                                      • Opcode ID: 66e8fff212367ab59233655fc1683996906eafb613e9568f4971f797794e25d9
                                                                                      • Instruction ID: 8145642c8c730101e147b0431b9a638f7a0b08417bc99341967a4961c9012ab5
                                                                                      • Opcode Fuzzy Hash: 66e8fff212367ab59233655fc1683996906eafb613e9568f4971f797794e25d9
                                                                                      • Instruction Fuzzy Hash: F1E1A971508316DBC324DF28E89066EB7F2FF98782F54891CE4C587261E339E959CB92
                                                                                      Function 00716EBF Relevance: 1.7, Strings: 1, Instructions: 447COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: %*+(
                                                                                      • API String ID: 0-3233224373
                                                                                      • Opcode ID: 7bd6a6894f7cb2298221c49aad9f0c4b754a5a7ff65b6a8f37e420d0c386ffe5
                                                                                      • Instruction ID: db9c231f69e8e331fcccc1540a704f586e466d0b3fc8e495bf76932d54f31816
                                                                                      • Opcode Fuzzy Hash: 7bd6a6894f7cb2298221c49aad9f0c4b754a5a7ff65b6a8f37e420d0c386ffe5
                                                                                      • Instruction Fuzzy Hash: AFF1B0B5A00B01CFC724DF28D891A66B3F6FF49314B148A2DE49787691EB38F855CB54
                                                                                      Function 00727E60 Relevance: 1.7, Strings: 1, Instructions: 425COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: %*+(
                                                                                      • API String ID: 0-3233224373
                                                                                      • Opcode ID: 3396c3b4c8b4471c0f758c46db77a44a7b509d0de831a61bd85572a632908c22
                                                                                      • Instruction ID: 8b33a461ea5cfcb320c8bb66a6185521f6fedb2e28ad64351c392dd2c5007e8e
                                                                                      • Opcode Fuzzy Hash: 3396c3b4c8b4471c0f758c46db77a44a7b509d0de831a61bd85572a632908c22
                                                                                      • Instruction Fuzzy Hash: 02C1D071509220EBD710EB14E942A2BB7F5EF95354F08891CF8C587292E73ADD15CBA3
                                                                                      Function 00728D62 Relevance: 1.7, Strings: 1, Instructions: 410COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: %*+(
                                                                                      • API String ID: 0-3233224373
                                                                                      • Opcode ID: afd89ad2d34c4851f8e1f4aa68e8275dd517ee5a27aaf2bf14764b6d80866daa
                                                                                      • Instruction ID: c8fa8287e012256cbdf6b3be3dfd16791f13f90a946215f1a43ae73d684cf293
                                                                                      • Opcode Fuzzy Hash: afd89ad2d34c4851f8e1f4aa68e8275dd517ee5a27aaf2bf14764b6d80866daa
                                                                                      • Instruction Fuzzy Hash: 7ED1D070618302DFD704DF68EC90AAAB7F5FF88305F09886CE88687251D779E950CB95
                                                                                      Function 00714487 Relevance: 1.6, Strings: 1, Instructions: 389COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: BIq
                                                                                      • API String ID: 0-2330342746
                                                                                      • Opcode ID: 5f9f6db7bb8ee9d0649e295622d291e0fd55b9f1394959f2f0054670da1f5d69
                                                                                      • Instruction ID: f92218485f4cbb1c6af9a31f5c15663b1e1c4d4b69e8f44355a69f865510b35d
                                                                                      • Opcode Fuzzy Hash: 5f9f6db7bb8ee9d0649e295622d291e0fd55b9f1394959f2f0054670da1f5d69
                                                                                      • Instruction Fuzzy Hash: 6BE10FB5601B00CFD325CF28D996B97B7E1FF06704F04886DE4AA8B692E739B854CB54
                                                                                      Function 00747FC0 Relevance: 1.6, Strings: 1, Instructions: 387COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: P
                                                                                      • API String ID: 0-3110715001
                                                                                      • Opcode ID: 35874d2d01398e78b34920224abf2f7d77332d687b4110d58b0395d6f0fa94ed
                                                                                      • Instruction ID: e70f34a4d3df5f4e1c51da17d84310aa54996f32f06d1b9391f3d0fae351054d
                                                                                      • Opcode Fuzzy Hash: 35874d2d01398e78b34920224abf2f7d77332d687b4110d58b0395d6f0fa94ed
                                                                                      • Instruction Fuzzy Hash: 16D1F6729082658FC765CE18D89071EB7E1EB85718F158A3CE8B5AB390DB79DC05C7C2
                                                                                      Function 00746CBF Relevance: 1.6, Strings: 1, Instructions: 384COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: "pt
                                                                                      • API String ID: 0-3168765775
                                                                                      • Opcode ID: 080885040aaa7397c2a3d1f23f237a274efabebc979432b672e9eb3ba21adf54
                                                                                      • Instruction ID: f21f7a7f59a8521c24ac133136ff52a1a740c1289d7a570c948b35a47c2b135a
                                                                                      • Opcode Fuzzy Hash: 080885040aaa7397c2a3d1f23f237a274efabebc979432b672e9eb3ba21adf54
                                                                                      • Instruction Fuzzy Hash: 7FD12336618351CFC714CF38D88056ABBE2FB8A355F098A6CE891C73A1D379DA44CB95
                                                                                      Function 0072CCD0 Relevance: 1.6, Strings: 1, Instructions: 357COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID: %*+(
                                                                                      • API String ID: 2994545307-3233224373
                                                                                      • Opcode ID: 470144012a4c916050d5eae1aca5cc937e694b7198ebb9a0775e4b8474f42796
                                                                                      • Instruction ID: c2bc96c4367f9224597fe290be24e030814b2fab74cf63f367a66571d990a43d
                                                                                      • Opcode Fuzzy Hash: 470144012a4c916050d5eae1aca5cc937e694b7198ebb9a0775e4b8474f42796
                                                                                      • Instruction Fuzzy Hash: FCB1F171A083518BD725DF14E891B2FBBE2EFA5340F14492CE5C58B352E339E855CBA2
                                                                                      Function 0070A850 Relevance: 1.5, Strings: 1, Instructions: 271COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: ,
                                                                                      • API String ID: 0-3772416878
                                                                                      • Opcode ID: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
                                                                                      • Instruction ID: 7b93703ac7cfedc1028e45645c437100fd0a46e50413f6faa61d435714a3b0e5
                                                                                      • Opcode Fuzzy Hash: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
                                                                                      • Instruction Fuzzy Hash: C0B12871208381DFD325CF18C88061BBBE1AFA9704F448A2DF5D997382D675EA18CB67
                                                                                      Function 0073FC20 Relevance: 1.5, Strings: 1, Instructions: 265COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: %*+(
                                                                                      • API String ID: 0-3233224373
                                                                                      • Opcode ID: 62d49a04b7901fe06524ab57e0df3e1bc0eb119a80b6aa975827b9de6a99295e
                                                                                      • Instruction ID: 41b3721d69ab1bddc46999a1a2ada4a53bd60f05b68380208d65ee0769db86c6
                                                                                      • Opcode Fuzzy Hash: 62d49a04b7901fe06524ab57e0df3e1bc0eb119a80b6aa975827b9de6a99295e
                                                                                      • Instruction Fuzzy Hash: E081F070A18301EBE710DF58EC98B2AB7E5FB89742F04882CF5C487292D779D815CB62
                                                                                      Function 0071D457 Relevance: 1.5, Strings: 1, Instructions: 248COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: %*+(
                                                                                      • API String ID: 0-3233224373
                                                                                      • Opcode ID: aef974c855a545d4c76df03929a4f3029a1e80672680bb6d1bc140605a5af103
                                                                                      • Instruction ID: 1d623b1d1c81f0431da5cd0b59b466aee8ec35566bb6f8c53edb730f770c5f22
                                                                                      • Opcode Fuzzy Hash: aef974c855a545d4c76df03929a4f3029a1e80672680bb6d1bc140605a5af103
                                                                                      • Instruction Fuzzy Hash: E061D3B1904314DBD720EF18DC42AAAB3B1FF94354F08492CF98587291E779DD50CB92
                                                                                      Function 00744A40 Relevance: 1.5, Strings: 1, Instructions: 220COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: %*+(
                                                                                      • API String ID: 0-3233224373
                                                                                      • Opcode ID: df0205d3a0a7bd59a833856bfa3491cc892e7b9281721fe4e89dfd11b892c65b
                                                                                      • Instruction ID: 4b5f026fbaa1077d8ccd9c208640ac4927d96ebcc3d57a9fa88808a294e12b58
                                                                                      • Opcode Fuzzy Hash: df0205d3a0a7bd59a833856bfa3491cc892e7b9281721fe4e89dfd11b892c65b
                                                                                      • Instruction Fuzzy Hash: 1061F4B1608341DFD711DF55C880B2AB7E6EBC4315F18891CE5C587292D779EC40EB66
                                                                                      Function 0079FF22 Relevance: 1.4, Strings: 1, Instructions: 179COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: p}{
                                                                                      • API String ID: 0-3316998380
                                                                                      • Opcode ID: 2a6bc2dc6c47c189c4cd3d3d7b52682c88d452c4b4ce4f38f52f0e2e3c059ccd
                                                                                      • Instruction ID: 09e20510a148e2b48c2ae37cbae99c6f58d8121ff6c30a8df285f655454ff3ca
                                                                                      • Opcode Fuzzy Hash: 2a6bc2dc6c47c189c4cd3d3d7b52682c88d452c4b4ce4f38f52f0e2e3c059ccd
                                                                                      • Instruction Fuzzy Hash: B05157F3E141205BE3146939DC553A6BADADB94360F2B463DDF88E7B80E8799C0182C6
                                                                                      Function 0070E1A0 Relevance: 1.4, Strings: 1, Instructions: 175COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      • 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081, xrefs: 0070E333
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
                                                                                      • API String ID: 0-2471034898
                                                                                      • Opcode ID: ace0b604d51feaad08848d29f6b6c2f78156004c3d2d4496b0c816ec02db1bb3
                                                                                      • Instruction ID: 5827387d9182ea57b108a120c8cadb7f57699d63813030af294e5650fc002a9e
                                                                                      • Opcode Fuzzy Hash: ace0b604d51feaad08848d29f6b6c2f78156004c3d2d4496b0c816ec02db1bb3
                                                                                      • Instruction Fuzzy Hash: 74511837B1AA90CBD329893C5C55269BEC71B93334B2DCB6AE9F1CB3E1D65D48014390
                                                                                      Function 007A6CA6 Relevance: 1.4, Strings: 1, Instructions: 174COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: \*:8
                                                                                      • API String ID: 0-2565786327
                                                                                      • Opcode ID: 97212c08d34b225d41b3909ff7e0bc66c71540e3390aff2d2cddd9d732a1c5e0
                                                                                      • Instruction ID: b7814f978e885057a061547647adb21bbfddd4ad736559d235764e02b3be8649
                                                                                      • Opcode Fuzzy Hash: 97212c08d34b225d41b3909ff7e0bc66c71540e3390aff2d2cddd9d732a1c5e0
                                                                                      • Instruction Fuzzy Hash: B35127F39086109FD3046E2DEC9476AFBEAEB98320F27453DE9C593780EA35194587D2
                                                                                      Function 00743920 Relevance: 1.4, Strings: 1, Instructions: 172COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: %*+(
                                                                                      • API String ID: 0-3233224373
                                                                                      • Opcode ID: 0e7a1e196e3642ead5de8e3708ea7138f123a27c772a7f5a518dc4d9ae60e0e9
                                                                                      • Instruction ID: ab09d474184880047210f5b541be3789342395faeb221182f25258de02c154c4
                                                                                      • Opcode Fuzzy Hash: 0e7a1e196e3642ead5de8e3708ea7138f123a27c772a7f5a518dc4d9ae60e0e9
                                                                                      • Instruction Fuzzy Hash: 81519D70609340DBDB24DF15D894A2EBBE5EF89749F18C81CE4CA87251D37AEE10CB62
                                                                                      Function 00711BEE Relevance: 1.4, Strings: 1, Instructions: 128COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: L3
                                                                                      • API String ID: 0-2730849248
                                                                                      • Opcode ID: 7ec876bb035cd244448fb5e9d2fd9ed063b43edfd7a4b7c0c3a4989c934128b6
                                                                                      • Instruction ID: 56dca161681b79742ae0f830cb88cad66b34da8479718fcdb008d8c31103441d
                                                                                      • Opcode Fuzzy Hash: 7ec876bb035cd244448fb5e9d2fd9ed063b43edfd7a4b7c0c3a4989c934128b6
                                                                                      • Instruction Fuzzy Hash: 024176B40083809BC7149F18D854A6FBBF0FF86714F44891CF6C59B291E73AC955CBAA
                                                                                      Function 0073FF70 Relevance: 1.4, Strings: 1, Instructions: 124COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: %*+(
                                                                                      • API String ID: 0-3233224373
                                                                                      • Opcode ID: dc9e1911dd610d7ee9b93c96e3d5270a9e5877c7535ef88cefb1f13f67d4a648
                                                                                      • Instruction ID: 55c4efb87c5d350c0b65946d4b64f417adc6c6bb171df957b5b4203507f7021b
                                                                                      • Opcode Fuzzy Hash: dc9e1911dd610d7ee9b93c96e3d5270a9e5877c7535ef88cefb1f13f67d4a648
                                                                                      • Instruction Fuzzy Hash: 0C3106B1A08301EBD610EB64DC85B3BB7E8EB85744F544928FA8597262E339DC14C7E3
                                                                                      Function 0072E40C Relevance: 1.4, Strings: 1, Instructions: 108COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 72?1
                                                                                      • API String ID: 0-1649870076
                                                                                      • Opcode ID: a4b24e937e4e8c4d2d4251eb33a0e402e9e7b7c8a42876db0a10b9b7b3db791d
                                                                                      • Instruction ID: 2c95e8f8f5cf45c2f2d034d2e6df9f8d47cebb34e537fa361cc2402fcb56ac65
                                                                                      • Opcode Fuzzy Hash: a4b24e937e4e8c4d2d4251eb33a0e402e9e7b7c8a42876db0a10b9b7b3db791d
                                                                                      • Instruction Fuzzy Hash: F031E6B5A00354CFD720CF94E8806AFB7B4FB06346F54456CE446A7341D339AE04CBA1
                                                                                      Function 00716F91 Relevance: 1.4, Strings: 1, Instructions: 108COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: %*+(
                                                                                      • API String ID: 0-3233224373
                                                                                      • Opcode ID: 88683d670f3d661205d4c8cd31deffa00f6bef9ca5fc260b2c1c7aed6facd045
                                                                                      • Instruction ID: 60ecceb1f0321ea297d66c9569cee3b29a7145baae678979e5d240d30ad77492
                                                                                      • Opcode Fuzzy Hash: 88683d670f3d661205d4c8cd31deffa00f6bef9ca5fc260b2c1c7aed6facd045
                                                                                      • Instruction Fuzzy Hash: 5D414775204B04DBD7388F69C994F26B7F2FB0D701F148918E5869BAA1E37AF840CB64
                                                                                      Function 0072E66A Relevance: 1.4, Strings: 1, Instructions: 100COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 72?1
                                                                                      • API String ID: 0-1649870076
                                                                                      • Opcode ID: 5569bd8802002b1cbbe31e7a7c25ecfdc18f51e7b8c140a782c6e5d09e248cbe
                                                                                      • Instruction ID: 5e38a2c681e83ff7685de910b39d2c0b73baf6818587bbff510aadf7da0362b4
                                                                                      • Opcode Fuzzy Hash: 5569bd8802002b1cbbe31e7a7c25ecfdc18f51e7b8c140a782c6e5d09e248cbe
                                                                                      • Instruction Fuzzy Hash: D421B2B1A00354CFC720CF95E9906AFBBF5BB1A746F58495CE446AB341D339AE00CBA5
                                                                                      Function 00749CE0 Relevance: 1.3, Strings: 1, Instructions: 87COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID: @
                                                                                      • API String ID: 2994545307-2766056989
                                                                                      • Opcode ID: 2edea360f113e8f46dce1dca8b0926b8ddd8de1486ecc0cc85663329631b6e57
                                                                                      • Instruction ID: 0a3c4b5c9bda2afe68e2db6101ac3f6282bdde977c0fe880e6907bca798986fe
                                                                                      • Opcode Fuzzy Hash: 2edea360f113e8f46dce1dca8b0926b8ddd8de1486ecc0cc85663329631b6e57
                                                                                      • Instruction Fuzzy Hash: C6318970A093009BD714EF15D880A2BFBF9FF9A314F14892CE6C997251D379D904CBA6
                                                                                      Function 00714E2A Relevance: 1.0, Instructions: 957COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 98f1f943e5c370d209e47592c8f2abf734c109a371aa97bc63b0712f0b49aae2
                                                                                      • Instruction ID: 3558554dd1e6b948625df3931ea760bc7597a1017f460bbacf4db796332b514a
                                                                                      • Opcode Fuzzy Hash: 98f1f943e5c370d209e47592c8f2abf734c109a371aa97bc63b0712f0b49aae2
                                                                                      • Instruction Fuzzy Hash: F7627DB4500B40CFD725CF28C994B67B7F6AF89700F548A2DD49A87A92E738F844CB90
                                                                                      Function 0070BEB0 Relevance: .9, Instructions: 895COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
                                                                                      • Instruction ID: af6d096c9544a44d8e17bb151d0bfbf99f41280d98fe8bc19f9a77cc696d803f
                                                                                      • Opcode Fuzzy Hash: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
                                                                                      • Instruction Fuzzy Hash: 8B52F731908711CBC7269F18D8402BAB3E1FFD5319F298B2DD9C6932C1E739A855CB86
                                                                                      Function 00748652 Relevance: .7, Instructions: 710COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2cb4a4476784e238fdfb6f5c305a89b171dc87ac67f230ca341bd489bb819fc5
                                                                                      • Instruction ID: 09cc39cca208fb88763c4a6b45a7296be15a92d7d706ea1aa75f11a2b8aa4434
                                                                                      • Opcode Fuzzy Hash: 2cb4a4476784e238fdfb6f5c305a89b171dc87ac67f230ca341bd489bb819fc5
                                                                                      • Instruction Fuzzy Hash: B222EB35608345DFC704DF68E88066AB7F1FF8A31AF09886DE58987361D779D890CB46
                                                                                      Function 007486F0 Relevance: .7, Instructions: 681COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2b8c3707c1297b5e67572a12a7649a2ba1b30061f1cc4cab0f4044ec307d0197
                                                                                      • Instruction ID: 544623be10402f8283b6a0121777f94daf8453fd1b21862ffb8b9e0af5529ee2
                                                                                      • Opcode Fuzzy Hash: 2b8c3707c1297b5e67572a12a7649a2ba1b30061f1cc4cab0f4044ec307d0197
                                                                                      • Instruction Fuzzy Hash: F422CB35608344DFD704DF68E89061EBBF1FB8A30AF09896DE58987361D779E890CB46
                                                                                      Function 0070B3A0 Relevance: .7, Instructions: 670COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7d53f5f55a7bdb1f9baabf1a2611cac7d6e6facdfdc7c0b3c139502ca4b4e262
                                                                                      • Instruction ID: 7c8dec4a132f72244e63d3dd5b2d7634910690b89710b81ee2db0cd49a862712
                                                                                      • Opcode Fuzzy Hash: 7d53f5f55a7bdb1f9baabf1a2611cac7d6e6facdfdc7c0b3c139502ca4b4e262
                                                                                      • Instruction Fuzzy Hash: 3252C370A08B84CFE735CB24C4847A7BBE2AB95314F144E6EC5D606BC2D77DAA84CB51
                                                                                      Function 007071F0 Relevance: .7, Instructions: 657COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5ac4b9a1cd281c0b8258a23e25f102a7820432bff962a52c00b9d7fa9e83faf5
                                                                                      • Instruction ID: 16c654897de27283dd1c1f30416cb76a2d496b5f17018b3f014671ba7247e746
                                                                                      • Opcode Fuzzy Hash: 5ac4b9a1cd281c0b8258a23e25f102a7820432bff962a52c00b9d7fa9e83faf5
                                                                                      • Instruction Fuzzy Hash: B252A47190C345CFCB19CF18C4906AABBE1BF88314F198A6DF89957392D778E949CB81
                                                                                      Function 00708FD0 Relevance: .6, Instructions: 620COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: da270689e2d55f2c6362ddb83af47a78ea5f741caa18951400b5c0a22f154ee0
                                                                                      • Instruction ID: 1e145256e6f4a2fc0120138d7ca6eb5ac4d26bd51e43bb0ea4b47e350df13277
                                                                                      • Opcode Fuzzy Hash: da270689e2d55f2c6362ddb83af47a78ea5f741caa18951400b5c0a22f154ee0
                                                                                      • Instruction Fuzzy Hash: 53428779608341DFD704CF28D8507AABBE1BF89324F09896DE5858B3A2D339D995CF42
                                                                                      Function 00707BF0 Relevance: .6, Instructions: 592COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5beb64795689eaac95b6e7c2ff2e8860144082d566cac5f00784a178a16d3ddd
                                                                                      • Instruction ID: 71ddaf4aad3e26fd6efe7406745949fc7bcfe9e27f99d78999d556e6f99970b4
                                                                                      • Opcode Fuzzy Hash: 5beb64795689eaac95b6e7c2ff2e8860144082d566cac5f00784a178a16d3ddd
                                                                                      • Instruction Fuzzy Hash: F2321270A15B11CFC368CF29C59052ABBF2BF45710B604A2ED6A787B91D73AF845CB10
                                                                                      Function 007489A0 Relevance: .5, Instructions: 545COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 64d69033eb817cd6dc315a20924e2c8982315527743297bf6cb4aae55fe12944
                                                                                      • Instruction ID: 9a1701fdec3dbeba024a17c3e9bb1ed55c8b943c03a9460c8fe1bf3ab6fe2ee6
                                                                                      • Opcode Fuzzy Hash: 64d69033eb817cd6dc315a20924e2c8982315527743297bf6cb4aae55fe12944
                                                                                      • Instruction Fuzzy Hash: 6E02A935608341DFC704DF68E88061ABBE1FB8A30AF09896DE58987261D77AD850CB96
                                                                                      Function 00748A80 Relevance: .5, Instructions: 524COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 82c41a753ee55a039018131a1604f39ca88d5b3c36144c2560be016a5c815cc8
                                                                                      • Instruction ID: 41f4ba40a4c06a03c0ef50074e4af4b8399d43726edad6e629e29517d93b0c9c
                                                                                      • Opcode Fuzzy Hash: 82c41a753ee55a039018131a1604f39ca88d5b3c36144c2560be016a5c815cc8
                                                                                      • Instruction Fuzzy Hash: 2FF1883560C341DFD704DF28E88061EBBE1BB8A30AF09896DE5C987261D77AD950CB96
                                                                                      Function 00748C02 Relevance: .5, Instructions: 487COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 870c55fcd6c7b6fa80bae0386bc44fe901ab60ba3bb394a983d02cd49f354e04
                                                                                      • Instruction ID: be08ce640e0101a63587b8a8bc462e16a1754cc2922844fe5265e2f9245df090
                                                                                      • Opcode Fuzzy Hash: 870c55fcd6c7b6fa80bae0386bc44fe901ab60ba3bb394a983d02cd49f354e04
                                                                                      • Instruction Fuzzy Hash: 9CE1BE31608351DFC704DF28E88066AF7E1FB8A31AF09896CE5C997361D77AD950CB92
                                                                                      Function 0070A300 Relevance: .5, Instructions: 459COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
                                                                                      • Instruction ID: fd85349c1a3ec25272d60243794b90d182ced720e486cedc9a98960d3b328d95
                                                                                      • Opcode Fuzzy Hash: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
                                                                                      • Instruction Fuzzy Hash: A7F1AC76608341DFC725CF29C88166BFBE6AFD8300F08892DE4D587792E639E945CB52
                                                                                      Function 00748E70 Relevance: .4, Instructions: 420COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c9873337c50320fc402af9f28ff12c559741ce672cc4a9ebb8453452e178393b
                                                                                      • Instruction ID: e02f960747be0cf823833362b325912da37edb8d0ea537f46676bcffedc96e30
                                                                                      • Opcode Fuzzy Hash: c9873337c50320fc402af9f28ff12c559741ce672cc4a9ebb8453452e178393b
                                                                                      • Instruction Fuzzy Hash: 26D18A3460C391DFD704EF28D88062EFBE5BB8A309F09896DE5C587261D77AD850CB96
                                                                                      Function 00747AB0 Relevance: .4, Instructions: 354COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6d456592d7cccdbca16b402e622fbe04e4743940ff0710c8f00edcc02e0b5d46
                                                                                      • Instruction ID: 77e85d79349a76159b7609844ca6934a0f00f1fba92209254935d2f5b4e61875
                                                                                      • Opcode Fuzzy Hash: 6d456592d7cccdbca16b402e622fbe04e4743940ff0710c8f00edcc02e0b5d46
                                                                                      • Instruction Fuzzy Hash: D4B1D8B2A083508BD728DB28CC4576BB7E9EBC5314F084A6DE995D7391E739DC04CB92
                                                                                      Function 0070AF10 Relevance: .3, Instructions: 303COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
                                                                                      • Instruction ID: 0516c7789a24fa35f16baa9b9b827988d932ac32f629a5566e0a9a0cbe1bcf6f
                                                                                      • Opcode Fuzzy Hash: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
                                                                                      • Instruction Fuzzy Hash: F4C16DB2A08741CFC360CF68DC96BABB7E1BF85318F084A2DD1D9C6242E778A155CB45
                                                                                      Function 00716536 Relevance: .3, Instructions: 295COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 57e20c9afdb1d05982371ff353ee4c3fa2eca67721b3cb25b790983031113786
                                                                                      • Instruction ID: d0384296e6bf98dc5067cb0cd0ab7e1f8b95946828398a96d279975282791785
                                                                                      • Opcode Fuzzy Hash: 57e20c9afdb1d05982371ff353ee4c3fa2eca67721b3cb25b790983031113786
                                                                                      • Instruction Fuzzy Hash: FBB102B4500B408FD325CF28C985B57BBF2AF46704F14885CE8AA8BB92E379F845CB55
                                                                                      Function 00747710 Relevance: .3, Instructions: 287COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: e3a2851ed3501ea38100cb38fe434a87cbf28e1d0bbec1d0c7723f11104e12bf
                                                                                      • Instruction ID: 67fede494df88842c31cfb73757e8a85d49b14d6c33ec2e3f1eee5ace76ff9e2
                                                                                      • Opcode Fuzzy Hash: e3a2851ed3501ea38100cb38fe434a87cbf28e1d0bbec1d0c7723f11104e12bf
                                                                                      • Instruction Fuzzy Hash: 9B91AC7160C301ABE728DB14C884BAFBBE5EB89350F548C1CF89487352E738E940CB92
                                                                                      Function 0074A0D0 Relevance: .3, Instructions: 282COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7bc7dfbbc2980358a2dabe461d4a396577b9cdefe86399479008e60d97453272
                                                                                      • Instruction ID: efcfbe963d6229898287c245ee623163ab331f561a1f9973efa6e34a61c55d50
                                                                                      • Opcode Fuzzy Hash: 7bc7dfbbc2980358a2dabe461d4a396577b9cdefe86399479008e60d97453272
                                                                                      • Instruction Fuzzy Hash: D081AC34248705ABD724DF28D890A2EB7F5FF89740F45892CE586CB252E739EC10CB92
                                                                                      Function 007364F0 Relevance: .2, Instructions: 246COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 550698f470288b0972ddd3cb8d73b64d9b14b0c2b6a257689e4f0db415b82bdd
                                                                                      • Instruction ID: f3bae0f1f5afba0729fd8207d75dc984fdd673256cce089d0c2abae7ed85b52a
                                                                                      • Opcode Fuzzy Hash: 550698f470288b0972ddd3cb8d73b64d9b14b0c2b6a257689e4f0db415b82bdd
                                                                                      • Instruction Fuzzy Hash: 2071E637B29A904BE3159D3C8C42395AA534BD7334F3DC37AA9B48B3E6D62D8C064340
                                                                                      Function 007228E9 Relevance: .2, Instructions: 244COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 81cc82eeef9779b1c3fca9daba7f2067cf7f1cb101b9eb4abdcd38ddfcad5f07
                                                                                      • Instruction ID: 47a6ef90d9c80c23720a6dbc4cc265989391b2b497921eccb777a3a1b6741ba4
                                                                                      • Opcode Fuzzy Hash: 81cc82eeef9779b1c3fca9daba7f2067cf7f1cb101b9eb4abdcd38ddfcad5f07
                                                                                      • Instruction Fuzzy Hash: A56188B4508360DBD310AF14E851A2BBBF0FFA6750F18891CE5C58B362E339D911CBA6
                                                                                      Function 00727C00 Relevance: .2, Instructions: 243COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6836a8543f4dd5ec00742aad5d6276dfaa9368c8b78fde5f94710ff35749c480
                                                                                      • Instruction ID: cfd03fe8c4347d10904b702f543d3366fd7d5a8246056322284c9a6de6848ae5
                                                                                      • Opcode Fuzzy Hash: 6836a8543f4dd5ec00742aad5d6276dfaa9368c8b78fde5f94710ff35749c480
                                                                                      • Instruction Fuzzy Hash: ED51DFB1708224ABDB249B24DC86B7733B8EF86364F148958F9858B390F379E841C761
                                                                                      Function 007DD034 Relevance: .2, Instructions: 230COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 24ff585ddfd59f82741561e07c50cd04f0c9db0505e822b2e2b961df633aa63a
                                                                                      • Instruction ID: 490b03aba738b5bb511eebfb3bdfb388d06e1002dff1f2d468fada02e483421a
                                                                                      • Opcode Fuzzy Hash: 24ff585ddfd59f82741561e07c50cd04f0c9db0505e822b2e2b961df633aa63a
                                                                                      • Instruction Fuzzy Hash: 556128F3A186009BF314AA29EC8677AB7D5DFD4310F1A8A3CD7D4C7784EA3D94018656
                                                                                      Function 00731860 Relevance: .2, Instructions: 217COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
                                                                                      • Instruction ID: f423e8c45f790fea6c1c9a1430e4f77483c5ae4d9699fb5a0389b4f1b92ad7a2
                                                                                      • Opcode Fuzzy Hash: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
                                                                                      • Instruction Fuzzy Hash: 8061D0316093519BE714CE28C58032FBBE2ABC9351FA9C92EE4898B352D378ED819741
                                                                                      Function 007382D0 Relevance: .2, Instructions: 215COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 99c1f0c53d187ab8a49aef64f0a7522d24ac3273a50e0fdfb28f67ad87b560b0
                                                                                      • Instruction ID: 0af1768c7875f02bb1e1ac6ee6fe2aa111bf0f3fc79b96c0740ff70c49d68fc2
                                                                                      • Opcode Fuzzy Hash: 99c1f0c53d187ab8a49aef64f0a7522d24ac3273a50e0fdfb28f67ad87b560b0
                                                                                      • Instruction Fuzzy Hash: 56612827B5AB904BE355493C5C553AAAA831BD2730F3EC366A9F18B3E6DE7D48014343
                                                                                      Function 007142FC Relevance: .2, Instructions: 206COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 61b8b5648fa05a83e5bdb51b0dd34e2136b8dd8e9ddab8373f2f92f71692027c
                                                                                      • Instruction ID: 6627b69058b67d9a8aafe00c3e3b3ecf22797ec02045577513df1f19bb587f5e
                                                                                      • Opcode Fuzzy Hash: 61b8b5648fa05a83e5bdb51b0dd34e2136b8dd8e9ddab8373f2f92f71692027c
                                                                                      • Instruction Fuzzy Hash: 2881E1B4810B00AFD360EF39D947797BEF4AB06301F404A1DE8EA97695E7346459CBE2
                                                                                      Function 0073E8A0 Relevance: .2, Instructions: 189COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
                                                                                      • Instruction ID: 4b88afc5bf441c7ece61b26753eebf9ae0f4191f299de5d078815e161de61a31
                                                                                      • Opcode Fuzzy Hash: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
                                                                                      • Instruction Fuzzy Hash: 99515DB16087548FE314DF69D49436BBBE1BBC5318F044E2DE4E987391E379DA088B82
                                                                                      Function 00747520 Relevance: .2, Instructions: 176COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 975ffb70419f5766be9e890004644e1d1a0198f73e0b4369afd89064f2ca9f01
                                                                                      • Instruction ID: 79d3f543d5849d027ea7b64b7c54dad3d7b656460a98aa31ec4fd9d7d93dbe64
                                                                                      • Opcode Fuzzy Hash: 975ffb70419f5766be9e890004644e1d1a0198f73e0b4369afd89064f2ca9f01
                                                                                      • Instruction Fuzzy Hash: 1551077160C3009BC7199E18CC90B2EB7E6FB89355F698A2CE8D557391D739EC10C7A2
                                                                                      Function 00864549 Relevance: .2, Instructions: 168COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 08b26970555862f2e158a53838f0602d86d7776a963983bd3b500134a2985a84
                                                                                      • Instruction ID: af456edeb0c71de5aebfecc57045c0625e140a44f6ab3f59600ff256902879d0
                                                                                      • Opcode Fuzzy Hash: 08b26970555862f2e158a53838f0602d86d7776a963983bd3b500134a2985a84
                                                                                      • Instruction Fuzzy Hash: 305125F3A087145BE7086E38DC8937ABBD5EB80710F1B453DEAC48B784E97959418786
                                                                                      Function 00705A50 Relevance: .2, Instructions: 163COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 1a4720e680164e6c9d4872647dc8d581bc1f1f60cd9068ebf2fa2f1a58c11f21
                                                                                      • Instruction ID: 89078231349f0d6a0d9d31f5e662beab9e3aa09b98c43ab2fe46ecee13555cfa
                                                                                      • Opcode Fuzzy Hash: 1a4720e680164e6c9d4872647dc8d581bc1f1f60cd9068ebf2fa2f1a58c11f21
                                                                                      • Instruction Fuzzy Hash: 0F519DB5A04705DFD7149F14C880927BBE1FF85324F19876CE8958B392D635EC42CB92
                                                                                      Function 007F4F99 Relevance: .2, Instructions: 155COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 611c3f40184ec5c18664333a5e6f2a269a605dbf1003b9735225fbefebaa1f31
                                                                                      • Instruction ID: 47cafe2ad3d66d1b15c45b2fef8d1877c56da012388f0a52f59eb5209db40f22
                                                                                      • Opcode Fuzzy Hash: 611c3f40184ec5c18664333a5e6f2a269a605dbf1003b9735225fbefebaa1f31
                                                                                      • Instruction Fuzzy Hash: 9F4125F3E085205BE3585A2EDC05B6BBAE7EBD4320F17C23DD6C897384E97848058682
                                                                                      Function 0072EC48 Relevance: .1, Instructions: 146COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4e005128ddfa2bc5146bcca99a0cf380641bb15eb8088fcba96e419f9cf59e53
                                                                                      • Instruction ID: 733a9b4f985f4c49824e391d5c8ce1fe0021b9f165adeb5cd6d6b68c27c0d814
                                                                                      • Opcode Fuzzy Hash: 4e005128ddfa2bc5146bcca99a0cf380641bb15eb8088fcba96e419f9cf59e53
                                                                                      • Instruction Fuzzy Hash: A941AF74A00325DBDF20CF94EC91BADB7B0FF0A311F544548E945AB3A1EB38A951CBA5
                                                                                      Function 00749B60 Relevance: .1, Instructions: 140COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c103ca03e294e638bda5774372978fbd391a95b9585aef9c3fbfbfea503643d3
                                                                                      • Instruction ID: 76119b8dca1fdd8de75f4a85c6b6b27c659d12437c3b5666fb8e0ffc36d4e8c4
                                                                                      • Opcode Fuzzy Hash: c103ca03e294e638bda5774372978fbd391a95b9585aef9c3fbfbfea503643d3
                                                                                      • Instruction Fuzzy Hash: C5419174208300EBD710DF25D9D5B2FB7E6EB85710F54882CF6899B251D379E800CBA6
                                                                                      Function 00865C66 Relevance: .1, Instructions: 137COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: bbe470d304ab9fe8d0067d4bdbd6264718a821eb5cf4758675c253a00c91eb52
                                                                                      • Instruction ID: f27e0f5ad9928002e0ce7ec61c9f2722994fce656181b03591c6828993864814
                                                                                      • Opcode Fuzzy Hash: bbe470d304ab9fe8d0067d4bdbd6264718a821eb5cf4758675c253a00c91eb52
                                                                                      • Instruction Fuzzy Hash: 234127F39092049FE3116928DC857AAB7E6EFD4320F1B463DDBD483744EA395D108782
                                                                                      Function 00712030 Relevance: .1, Instructions: 136COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 27aec9e6f10f85f56029e84c96414f0c9e5dfed2385812ca567a9e255db4aa5c
                                                                                      • Instruction ID: a84020472674405ac1d5e5ab1fd6d0df92e5ff21ca3b292ec4e594af3ab101f1
                                                                                      • Opcode Fuzzy Hash: 27aec9e6f10f85f56029e84c96414f0c9e5dfed2385812ca567a9e255db4aa5c
                                                                                      • Instruction Fuzzy Hash: DA41F632A083654FD35DCE2D849067ABBE2ABC9300F09C66EE4D6873D1DB788995D781
                                                                                      Function 00711E93 Relevance: .1, Instructions: 131COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b3896ad0136edf190e200f349b33fb8c11bf29ad7bacea3f4a02c8f793fef745
                                                                                      • Instruction ID: 5b3f850d6f0df936d8b213ee8d9b6259b8dac011cdd5e63fa0c74fcd34c7d1d7
                                                                                      • Opcode Fuzzy Hash: b3896ad0136edf190e200f349b33fb8c11bf29ad7bacea3f4a02c8f793fef745
                                                                                      • Instruction Fuzzy Hash: F241F2745083809BD320AF58C888B1EFBF5FB86745F144D1DF6C4A7292C37AD8558B66
                                                                                      Function 00748D8A Relevance: .1, Instructions: 124COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ed0a92bb914ec237f98bf1faaf89ea8d93608d9fb12ebb4a9c70f637e8d579ff
                                                                                      • Instruction ID: 85c6d49f68b2e82318ae1125e415bbbdd7db4ae9c6a24b34e190e1fdf29b5e58
                                                                                      • Opcode Fuzzy Hash: ed0a92bb914ec237f98bf1faaf89ea8d93608d9fb12ebb4a9c70f637e8d579ff
                                                                                      • Instruction Fuzzy Hash: B041CF31A0D2548FC344EF68C49062EFBE6AF99300F098A6DD4D5D72A2DB79DD018B92
                                                                                      Function 0071D961 Relevance: .1, Instructions: 121COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 734c1ad747fbd9ba541dc2208cefd928ad0bdcbc5bf55ca45855d591c9657818
                                                                                      • Instruction ID: 2317e16269a8b6604d9054d24fa9249db96ae3a978c588f2af61f7b32709a858
                                                                                      • Opcode Fuzzy Hash: 734c1ad747fbd9ba541dc2208cefd928ad0bdcbc5bf55ca45855d591c9657818
                                                                                      • Instruction Fuzzy Hash: 6E41ABB1648391CBD730DF14C845BEBB7B0FF96361F048A58E48A8B691E7785980CB97
                                                                                      Function 0073F030 Relevance: .1, Instructions: 104COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
                                                                                      • Instruction ID: ad19e55198cd5cdac8cc0c84f2c7f6f4f129b42939c005d0119a454032329dfb
                                                                                      • Opcode Fuzzy Hash: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
                                                                                      • Instruction Fuzzy Hash: 18213A32D0822447D3289B1DC58053BF7E4EB99744F06863EE8C497296E339DC1087E2
                                                                                      Function 007467EF Relevance: .1, Instructions: 101COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 22af582dd7d3b136d1bc065eb8289b6a9164012d53c217b910ea36b50e6f78e4
                                                                                      • Instruction ID: 5a233f94564ab7e5a8eb6dd932d1f84cb0e374872ed6fd4d2b42e407a49545aa
                                                                                      • Opcode Fuzzy Hash: 22af582dd7d3b136d1bc065eb8289b6a9164012d53c217b910ea36b50e6f78e4
                                                                                      • Instruction Fuzzy Hash: 4531F5705183829AE714CF14C49066FBBF0AF96789F54590DF4C8AB262E338D985CB9A
                                                                                      Function 00725E70 Relevance: .1, Instructions: 99COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 8445bd45df16f84d3d6c4c5a8e1f401e58fd96f42cb96a7824d84d1bed06368a
                                                                                      • Instruction ID: 87407c332ba2489715abbbc271d8c1cab5f3787ee08c092d7f181582d0ec3181
                                                                                      • Opcode Fuzzy Hash: 8445bd45df16f84d3d6c4c5a8e1f401e58fd96f42cb96a7824d84d1bed06368a
                                                                                      • Instruction Fuzzy Hash: F421A170908221DBC310AF18D94597BB7F4EF96765F458A0CF4D59B292E338DA00CBA3
                                                                                      Function 007049A0 Relevance: .1, Instructions: 95COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
                                                                                      • Instruction ID: b16061ee81d0a38fac2c3de04c7c897b051ac7de0409c22326c822474ca00d33
                                                                                      • Opcode Fuzzy Hash: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
                                                                                      • Instruction Fuzzy Hash: E331C7F1758200DBD7109E68D88492BB7E1EF84358F18CB3CE99AD7281D239EC42CB46
                                                                                      Function 007464B8 Relevance: .1, Instructions: 83COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0b050e95617b37608c29f0ed95f84478c180bc1d4d7bcab37cafbdc316fb067b
                                                                                      • Instruction ID: 2f98a0d39c89ba4214a823cbcf55be9f09c393166f4bfe1520380deb056e5bd5
                                                                                      • Opcode Fuzzy Hash: 0b050e95617b37608c29f0ed95f84478c180bc1d4d7bcab37cafbdc316fb067b
                                                                                      • Instruction Fuzzy Hash: 6F21397460C280DBCB04EF19D490A2EFBE6EB9A745F18881CE4C593261C339A850CB67
                                                                                      Function 00911E12 Relevance: .1, Instructions: 76COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9787770457fcd23e8ef9b727cf051bd4b1b179aa04224bf292cf8c8b5595758e
                                                                                      • Instruction ID: 851ab992b5ac1c88c717e4ec18b287932a26b9185dbfdf90bc0c6149cc7509c1
                                                                                      • Opcode Fuzzy Hash: 9787770457fcd23e8ef9b727cf051bd4b1b179aa04224bf292cf8c8b5595758e
                                                                                      • Instruction Fuzzy Hash: 522126F392C108EBC24CB97CDDE56B6B7A89B14310F660E2ECF8792740E52909959287
                                                                                      Function 0073B650 Relevance: .1, Instructions: 64COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                      • Instruction ID: da2a6854e6662caff330ec35e775e37775e0b8a07c8c3badaac9e52b2b4fadc1
                                                                                      • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                      • Instruction Fuzzy Hash: 5F11E533A051D88ED3168D3C8441565BFA31AE3234F5983D9F4B89B2D3D7268D8A8364
                                                                                      Function 00730B80 Relevance: .1, Instructions: 63COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
                                                                                      • Instruction ID: ac9d02efd8625b08059446aa1951d29e4c45d59578196190bc64844d3f498d63
                                                                                      • Opcode Fuzzy Hash: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
                                                                                      • Instruction Fuzzy Hash: 16015EF5B0030287F7219F5498E5B3BF2A86B80718F18462CE84657243DB79EC05C6E5
                                                                                      Function 0072D1E1 Relevance: .0, Instructions: 46COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f1888d5f18a7701465dbb7dfb7eb8172c8544d2db67c44e174b861a4f42fc5df
                                                                                      • Instruction ID: e448b3a0f2c0d6363c83ee1b7ab8a42cefb18c0fcc519550237ca5f61a9c3ea4
                                                                                      • Opcode Fuzzy Hash: f1888d5f18a7701465dbb7dfb7eb8172c8544d2db67c44e174b861a4f42fc5df
                                                                                      • Instruction Fuzzy Hash: 1311EFB0408380EFD3209F618494A1FFBE5EB96714F148C0DF5A49B251C379D815CF56
                                                                                      Function 00706EA0 Relevance: .0, Instructions: 46COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0f2d40d044e1d7033e9b23705588e92ecf6e63c23e77397effdd00b8a7521994
                                                                                      • Instruction ID: b047db8777d8b8ce729dbce45537ce9b3613d1a87f60d6a2539a095dafaf769c
                                                                                      • Opcode Fuzzy Hash: 0f2d40d044e1d7033e9b23705588e92ecf6e63c23e77397effdd00b8a7521994
                                                                                      • Instruction Fuzzy Hash: 5DF0243E71821A4BB210DDAAE8C083BB3D6D7CA364B055639EA40C3241CE76F80281A4
                                                                                      Function 0073B8C0 Relevance: .0, Instructions: 44COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
                                                                                      • Instruction ID: 6506d07c58c905065930edc77b6421f51c28c54387ea28b09faa2761b04cb969
                                                                                      • Opcode Fuzzy Hash: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
                                                                                      • Instruction Fuzzy Hash: 1E0162B3A199610B8348CE3DDC1156BBAD15BD5770F19872DBEF5CB3E0D230C8118695
                                                                                      Function 0071C5F0 Relevance: .0, Instructions: 42COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
                                                                                      • Instruction ID: afd6f86e1ed7dc578beff9a6215ab27dc393fb41cabbec3b70aacfa27007612f
                                                                                      • Opcode Fuzzy Hash: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
                                                                                      • Instruction Fuzzy Hash: EB014B72A196204B8308CE3C9C1112ABEE19B86330F158B2EBCFAD73E0D664CD548696
                                                                                      Function 0071B410 Relevance: .0, Instructions: 38COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
                                                                                      • Instruction ID: 838a551f3f0959d612952bd7a8aa7ab94c375f827dcda1aecce7ba98f611e295
                                                                                      • Opcode Fuzzy Hash: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
                                                                                      • Instruction Fuzzy Hash: EEF0ECB16045505BDF22CA5C9CC0FB7BBACCB8B354F190426FC4557183E2655885C3E5
                                                                                      Function 00738220 Relevance: .0, Instructions: 32COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 22f5d4473fd47807702d8629c1f5b25b116186019efd665b9e60894ea1c31b52
                                                                                      • Instruction ID: d6abd49d9d2f3fa65e778a1486e5d215b5c21d11ad5f4be529adb25694116595
                                                                                      • Opcode Fuzzy Hash: 22f5d4473fd47807702d8629c1f5b25b116186019efd665b9e60894ea1c31b52
                                                                                      • Instruction Fuzzy Hash: D101E4B44107009FC360EF29C485757BBE8EB08714F008A1DE8EECB680D774A5448B82
                                                                                      Function 00741440 Relevance: .0, Instructions: 21COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
                                                                                      • Instruction ID: f7663288f23839224b664ffdf15e52662af47cd70f1ec0528e3a59059636f3a0
                                                                                      • Opcode Fuzzy Hash: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
                                                                                      • Instruction Fuzzy Hash: CCD0A771608361469F749E1DE410977F7F0EAC7B11F89955EFA86E3148D334DC81C2A9
                                                                                      Function 00711ACD Relevance: .0, Instructions: 14COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e332ebf7ca2194d3003938370c69b4a04cf0990ec984ca41bf9e1fc21e935e24
                                                                                      • Instruction ID: 6cc9cd6bd5f9c183c3ac79b4ed826ae3e6100cfeeae79d9749bd9eb944955657
                                                                                      • Opcode Fuzzy Hash: e332ebf7ca2194d3003938370c69b4a04cf0990ec984ca41bf9e1fc21e935e24
                                                                                      • Instruction Fuzzy Hash: FFC01238A981818B82049F08A899476A6B8A70720D740E02BDA02EB261DB68C412890D
                                                                                      Function 00746094 Relevance: .0, Instructions: 12COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 8e90976bdf2bdd0167c667deebd1a953fdd05189e8542eec7fabe3ace6b9df21
                                                                                      • Instruction ID: 80295b6662526f388c0f59ed189e5d0b64317953ea83b0fb1605bae28cdd35a0
                                                                                      • Opcode Fuzzy Hash: 8e90976bdf2bdd0167c667deebd1a953fdd05189e8542eec7fabe3ace6b9df21
                                                                                      • Instruction Fuzzy Hash: 15C09B74E5C20087B20CCF04D9514B5F3779B97755724F01DC81723266D17CD517951D
                                                                                      Function 00711A3C Relevance: .0, Instructions: 12COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0b18fe5d1962163a009b95f1613e65aa92e52f83a093b9afe702af9de25c0795
                                                                                      • Instruction ID: 61f8ebc5ee4345d4d35c9a0afcd3f92169cf1fd5e9c0d2569efa20256233be17
                                                                                      • Opcode Fuzzy Hash: 0b18fe5d1962163a009b95f1613e65aa92e52f83a093b9afe702af9de25c0795
                                                                                      • Instruction Fuzzy Hash: 8AC04C28A990818B82449E8DA891472A6A85707208750B03BD702EB261DA64D415850D
                                                                                      Function 00745FD6 Relevance: .0, Instructions: 11COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2099566105.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.00000000009D9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099625368.0000000000A1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099867454.0000000000A1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2099988286.0000000000BC4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2100006256.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_700000_file.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d3a8ace2c004fd39fedd129cdceb93888744899628fc33355d340ef7eee601e3
                                                                                      • Instruction ID: c4c9687a85726251faf1582b3e35fca88b3b9ac1f088761a1cb0aaa33b2af273
                                                                                      • Opcode Fuzzy Hash: d3a8ace2c004fd39fedd129cdceb93888744899628fc33355d340ef7eee601e3
                                                                                      • Instruction Fuzzy Hash: BDC09B64F6820047B24CCF14DD51575F2B79B87555714F01DC80563265D178D511850C