Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1531319
MD5: e6b88cfb16f5d19478b9e6ee844dde1a
SHA1: 992f55cffffc876755399d77175ccf53f2a02531
SHA256: 84cdf009832cce6906bd5ea127064e4e2d26fb8b4833bed93c8e208cd94e1938
Tags: exe, user-Bitsight

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • file.exe (PID: 6300 cmdline: "C:\Users\user\Desktop\file.exe" MD5: E6B88CFB16F5D19478B9E6EE844DDE1A)
  • cleanup
{"C2 url": ["licendfilteo.site", "spirittunek.store", "eaglepawnoy.store", "mobbipenju.store", "bathdoomgaz.store", "studennotediw.store", "dissapoiznw.store", "clearancek.site"], "Build id": "4SD0y4--legendaryy"}
Source | Rule | Description | Author | Strings
decrypted.memstr | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
    No Sigma rule has matched
    Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
    2024-10-11T01:50:04.600620+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.5 | 49705 | 172.67.206.204 | 443 | TCP
    2024-10-11T01:50:04.600620+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.5 | 49705 | 172.67.206.204 | 443 | TCP
    2024-10-11T01:50:01.952348+0200 | 2056477 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 60020 | 1.1.1.1 | 53 | UDP
    2024-10-11T01:50:01.874815+0200 | 2056471 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 50120 | 1.1.1.1 | 53 | UDP
    2024-10-11T01:50:01.922623+0200 | 2056481 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 50980 | 1.1.1.1 | 53 | UDP
    2024-10-11T01:50:01.912136+0200 | 2056483 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 53998 | 1.1.1.1 | 53 | UDP
    2024-10-11T01:50:01.976240+0200 | 2056473 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 60921 | 1.1.1.1 | 53 | UDP
    2024-10-11T01:50:01.898772+0200 | 2056485 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 63349 | 1.1.1.1 | 53 | UDP
    2024-10-11T01:50:01.964183+0200 | 2056475 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 61108 | 1.1.1.1 | 53 | UDP
    2024-10-11T01:50:01.932833+0200 | 2056479 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 56542 | 1.1.1.1 | 53 | UDP
    2024-10-11T01:50:03.534551+0200 | 2858666 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 49704 | 104.102.49.254 | 443 | TCP

    AV Detection

    Source: file.exe, Avira: detected
    Source: https://steamcommunity.com/profiles/76561199724331900, URL Reputation: Label: malware
    Source: https://steamcommunity.com/profiles/76561199724331900/inventory/, URL Reputation: Label: malware
    Source: file.exe.6300.0.memstrmin, Malware Configuration Extractor: LummaC {"C2 url": ["licendfilteo.site", "spirittunek.store", "eaglepawnoy.store", "mobbipenju.store", "bathdoomgaz.store", "studennotediw.store", "dissapoiznw.store", "clearancek.site"], "Build id": "4SD0y4--legendaryy"}
    Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
    Source: file.exe, Joe Sandbox ML: detected
    Source: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, String decryptor:
      • clearancek.site
      • licendfilteo.site
      • spirittunek.store
      • bathdoomgaz.store
      • studennotediw.store
      • dissapoiznw.store
      • eaglepawnoy.store
      • mobbipenju.store
      • clearancek.site
      • lid=%s&j=%s&ver=4.0
      • TeslaBrowser/5.5
      • - Screen Resoluton:
      • - Physical Installed Memory:
      • Workgroup: -
      • 4SD0y4--legendaryy
    Source: file.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: unknown, HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.5:49704 version: TLS 1.2
    Source: unknown, HTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.5:49705 version: TLS 1.2

    Networking

    Source: Network traffic, Suricata IDS: 2056477 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) : 192.168.2.5:60020 -> 1.1.1.1:53
    Source: Network traffic, Suricata IDS: 2056483 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) : 192.168.2.5:53998 -> 1.1.1.1:53
    Source: Network traffic, Suricata IDS: 2056481 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) : 192.168.2.5:50980 -> 1.1.1.1:53
    Source: Network traffic, Suricata IDS: 2056479 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) : 192.168.2.5:56542 -> 1.1.1.1:53
    Source: Network traffic, Suricata IDS: 2056473 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) : 192.168.2.5:60921 -> 1.1.1.1:53
    Source: Network traffic, Suricata IDS: 2056485 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) : 192.168.2.5:63349 -> 1.1.1.1:53
    Source: Network traffic, Suricata IDS: 2056471 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) : 192.168.2.5:50120 -> 1.1.1.1:53
    Source: Network traffic, Suricata IDS: 2056475 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) : 192.168.2.5:61108 -> 1.1.1.1:53
    Source: Network traffic, Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.5:49704 -> 104.102.49.254:443
    Source: Network traffic, Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49705 -> 172.67.206.204:443
    Source: Network traffic, Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49705 -> 172.67.206.204:443
    Source: Joe Sandbox View, IP Address: 104.102.49.254
    Source: Joe Sandbox View, IP Address: 172.67.206.204
    Source: Joe Sandbox View, ASN Name: AKAMAI-ASUS
    Source: Joe Sandbox View, ASN Name: CLOUDFLARENETUS
    Source: Joe Sandbox View, JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
    Source: global traffic, HTTP traffic detected:
        GET /profiles/76561199724331900 HTTP/1.1
        Connection: Keep-Alive
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
        Host: steamcommunity.com
    Source: global traffic, HTTP traffic detected:
        POST /api HTTP/1.1
        Connection: Keep-Alive
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
        Content-Length: 8
        Host: sergei-esenin.com
    Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global traffic, DNS traffic detected, DNS queries:
      • clearancek.site
      • mobbipenju.store
      • eaglepawnoy.store
      • dissapoiznw.store
      • studennotediw.store
      • bathdoomgaz.store
      • spirittunek.store
      • licendfilteo.site
      • steamcommunity.com
      • sergei-esenin.com
    Source: unknown, HTTP traffic detected:
        POST /api HTTP/1.1
        Connection: Keep-Alive
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
        Content-Length: 8
        Host: sergei-esenin.com
    Source: file.exe, 00000000.00000002.2081395591.000000000090E000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://clearancek.site:443/apii
    Source: file.exe, 00000000.00000003.2073515462.0000000000956000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.
    Source: file.exe, 00000000.00000003.2073515462.0000000000956000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2073478298.00000000009A0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
    Source: file.exe, 00000000.00000003.2073515462.0000000000956000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_san
    Source: file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
    Source: file.exe, 00000000.00000003.2073515462.0000000000956000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_globa
    Source: file.exe, 00000000.00000003.2073515462.0000000000956000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2073478298.00000000009A0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en
    Source: file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
    Source: file.exe, 00000000.00000003.2073478298.00000000009A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
    Source: file.exe, 00000000.00000003.2073478298.00000000009A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
    Source: file.exe, 00000000.00000003.2073478298.00000000009A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
    Source: file.exe, 00000000.00000003.2073478298.00000000009A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
    Source: file.exe, 00000000.00000003.2073515462.0000000000956000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2073478298.00000000009A0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp
    Source: file.exe, 00000000.00000003.2073515462.0000000000956000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2073478298.00000000009A0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
    Source: file.exe, 00000000.00000003.2073515462.0000000000956000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2073478298.00000000009A0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
    Source: file.exe, 00000000.00000003.2073515462.0000000000956000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2073478298.00000000009A0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
    Source: file.exe, 00000000.00000003.2073515462.0000000000956000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/sharel#
    Source: file.exe, 00000000.00000003.2073515462.0000000000956000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstw&
    Source: file.exe, 00000000.00000003.2073515462.0000000000956000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akas#
    Source: file.exe, 00000000.00000003.2073515462.0000000000956000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akaw$
    Source: file.exe, 00000000.00000002.2081395591.000000000090E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dissapoiznw.store:443/api::
    Source: file.exe, 00000000.00000002.2081395591.000000000090E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://eaglepawnoy.store:443/api
    Source: file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
    Source: file.exe, 00000000.00000002.2081395591.0000000000905000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mobbipenju.store/apiE
    Source: file.exe, 00000000.00000002.2081395591.000000000090E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mobbipenju.store:443/api
    Source: file.exe, 00000000.00000003.2073515462.0000000000956000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/
    Source: file.exe, 00000000.00000003.2073515462.0000000000956000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/S
    Source: file.exe, 00000000.00000003.2073515462.0000000000956000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/api
    Source: file.exe, 00000000.00000002.2081681504.00000000009AC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2073478298.00000000009A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/apiU
    Source: file.exe, 00000000.00000002.2081395591.000000000090E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com:443/api
    Source: file.exe, 00000000.00000002.2081395591.000000000090E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://spirittunek.store:443/api
    Source: file.exe, 00000000.00000003.2073515462.0000000000956000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.c
    Source: file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
    Source: file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
    Source: file.exe, 00000000.00000002.2081395591.0000000000921000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/QR_
    Source: file.exe, 00000000.00000003.2073515462.0000000000956000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2073478298.00000000009A0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
    Source: file.exe, 00000000.00000002.2081681504.00000000009AC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2073478298.00000000009A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
    Source: file.exe, 00000000.00000003.2073478298.00000000009A0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
    Source: file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
    Source: file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
    Source: file.exe, 00000000.00000002.2081395591.0000000000921000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
    Source: file.exe, 00000000.00000003.2073515462.000000000094C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2073478298.00000000009A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
    Source: file.exe, 00000000.00000003.2073515462.0000000000956000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2073478298.00000000009A0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
    Source: file.exe, 00000000.00000002.2081395591.0000000000921000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/765611997243319009U
    Source: file.exe, 00000000.00000003.2073515462.0000000000956000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2073478298.00000000009A0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
    Source: file.exe, 00000000.00000002.2081395591.000000000090E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900g;
    Source: file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
    Source: file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
    Source: file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
    Source: file.exe, 00000000.00000002.2081681504.00000000009AC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2073478298.00000000009A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
    Source: file.exe, 00000000.00000003.2073478298.00000000009A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
    Source: file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
    Source: file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
    Source: file.exe, 00000000.00000003.2073478298.00000000009A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
    Source: file.exe, 00000000.00000003.2073515462.0000000000956000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2073478298.00000000009A0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
    Source: file.exe, 00000000.00000003.2073478298.00000000009A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
    Source: file.exe, 00000000.00000003.2073478298.00000000009A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
    Source: file.exe, 00000000.00000002.2081395591.000000000090E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://studennotediw.store:443/api
    Source: file.exe, 00000000.00000003.2073478298.00000000009A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
    Source: unknown Network traffic detected: HTTP traffic on port 49705 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 49704 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49705
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49704
    Source: unknown HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.5:49704 version: TLS 1.2
    Source: unknown HTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.5:49705 version: TLS 1.2

    System Summary

    Source: file.exe Static PE information: section name:
    Source: file.exe Static PE information: section name: .rsrc
    Source: file.exe Static PE information: section name: .idata
    Source: file.exe Static PE information: section name:
    Source: C:\Users\user\Desktop\file.exe Code function: String function: 0100CAA0 appears 48 times
    Source: C:\Users\user\Desktop\file.exe Code function: String function: 0101D300 appears 152 times
    Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: file.exe Static PE information: Section: ZLIB complexity 0.9995487830033003
    Source: file.exe Static PE information: Section: pifixlui ZLIB complexity 0.9943070478922892
    Source: classification engine Classification label: mal100.troj.evad.winEXE@1/0@10/2
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01038220 CoCreateInstance,0_2_01038220
    Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: file.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
    Source: C:\Users\user\Desktop\file.exe File read: C:\Users\user\Desktop\file.exe
    Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: winhttp.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: webio.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: mswsock.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: winnsi.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: dnsapi.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: rasadhlp.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: fwpuclnt.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: schannel.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: mskeyprotect.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: ntasn1.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: ncrypt.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: ncryptsslp.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: msasn1.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: cryptsp.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: rsaenh.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: cryptbase.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: gpapi.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: dpapi.dll
    Source: file.exe Static file information: File size 1876480 > 1048576
    Source: file.exe Static PE information: Raw size of pifixlui is bigger than: 0x100000 < 0x1a0a00

    Data Obfuscation

    Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 0.2.file.exe.1000000.0.unpack :EW;.rsrc :W;.idata :W; :EW;pifixlui:EW;ntcibuer:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;pifixlui:EW;ntcibuer:EW;.taggant:EW;
    Source: initial sample Static PE information: section where entry point is pointing to: .taggant
    Source: file.exe Static PE information: real checksum: 0x1d0d24 should be: 0x1d6833
    Source: file.exe Static PE information: section name:
    Source: file.exe Static PE information: section name: .rsrc
    Source: file.exe Static PE information: section name: .idata
    Source: file.exe Static PE information: section name:
    Source: file.exe Static PE information: section name: pifixlui
    Source: file.exe Static PE information: section name: ntcibuer
    Source: file.exe Static PE information: section name: .taggant
    Source: file.exe Static PE information: section name: entropy: 7.977907503208551
    Source: file.exe Static PE information: section name: pifixlui entropy: 7.953483377760076

    Boot Survival

    barindex
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: RegmonClassJump to behavior

    Malware Analysis System Evasion

    Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine
    Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 122A039 second address: 122A03D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 122AF94 second address: 122AF98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 122A03D second address: 122A043 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 122A043 second address: 122A049 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 122D140 second address: 122D18A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 ja 00007FF1A8D4F23Ch 0x0000000b popad 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push 00000000h 0x00000013 push ecx 0x00000014 call 00007FF1A8D4F238h 0x00000019 pop ecx 0x0000001a mov dword ptr [esp+04h], ecx 0x0000001e add dword ptr [esp+04h], 00000018h 0x00000026 inc ecx 0x00000027 push ecx 0x00000028 ret 0x00000029 pop ecx 0x0000002a ret 0x0000002b mov edi, 0859BAE4h 0x00000030 push 00000000h 0x00000032 mov dword ptr [ebp+122D353Ch], edi 0x00000038 push eax 0x00000039 push eax 0x0000003a push edx 0x0000003b pushad 0x0000003c push eax 0x0000003d push edx 0x0000003e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 122D18A second address: 122D190 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 122D190 second address: 122D195 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1235A06 second address: 1235A0C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1235A0C second address: 1235A3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 jmp 00007FF1A8D4F243h 0x0000000c pop edi 0x0000000d push eax 0x0000000e push edx 0x0000000f push edi 0x00000010 pop edi 0x00000011 jmp 00007FF1A8D4F244h 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1235A3F second address: 1235A43 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1235D10 second address: 1235D30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 jno 00007FF1A8D4F236h 0x0000000c popad 0x0000000d jmp 00007FF1A8D4F240h 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1235EB0 second address: 1235EB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1235EB4 second address: 1235EBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D81EC second address: 11D81F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FF1A8DD2176h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 123FB3A second address: 123FB42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 123FB42 second address: 123FB47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 123FB47 second address: 123FB4D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 123FB4D second address: 123FB51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 123FCA0 second address: 123FCC8 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FF1A8D4F236h 0x00000008 jmp 00007FF1A8D4F248h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 123FCC8 second address: 123FCCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 123FCCC second address: 123FCE5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1A8D4F245h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 123FCE5 second address: 123FD0D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007FF1A8DD2185h 0x0000000a pushad 0x0000000b popad 0x0000000c je 00007FF1A8DD2176h 0x00000012 popad 0x00000013 pushad 0x00000014 push esi 0x00000015 pop esi 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 123FE51 second address: 123FE8A instructions: 0x00000000 rdtsc 0x00000002 ja 00007FF1A8D4F236h 0x00000008 jno 00007FF1A8D4F236h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jnl 00007FF1A8D4F23Eh 0x00000016 pop ebx 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007FF1A8D4F247h 0x0000001f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 123FE8A second address: 123FE90 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 123FE90 second address: 123FEB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jp 00007FF1A8D4F248h 0x0000000c push eax 0x0000000d push edx 0x0000000e jno 00007FF1A8D4F236h 0x00000014 push esi 0x00000015 pop esi 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12403DC second address: 12403FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF1A8DD2182h 0x00000009 popad 0x0000000a ja 00007FF1A8DD217Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1246D0C second address: 1246D16 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FF1A8D4F236h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1246D16 second address: 1246D1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D17A1 second address: 11D17CA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1A8D4F23Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jc 00007FF1A8D4F24Fh 0x0000000f jmp 00007FF1A8D4F243h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1245D6D second address: 1245D75 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 push edi 0x00000007 pop edi 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1246037 second address: 124603B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1246183 second address: 12461A6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1A8DD217Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007FF1A8DD2182h 0x0000000f jl 00007FF1A8DD2176h 0x00000015 jbe 00007FF1A8DD2176h 0x0000001b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12461A6 second address: 12461C9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF1A8D4F248h 0x00000008 jne 00007FF1A8D4F236h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 124648A second address: 1246492 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1246492 second address: 1246496 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12465B8 second address: 12465BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12465BC second address: 12465C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1246732 second address: 1246738 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1246738 second address: 124673C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 124673C second address: 124675E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007FF1A8DD218Ch 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 124675E second address: 1246764 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1246A71 second address: 1246A85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a jnl 00007FF1A8DD217Ah 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 124999C second address: 12499A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D9BCE second address: 11D9BEF instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 pushad 0x00000008 push ecx 0x00000009 jmp 00007FF1A8DD2182h 0x0000000e pop ecx 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D9BEF second address: 11D9C00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 js 00007FF1A8D4F236h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12539DB second address: 1253A23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FF1A8DD217Eh 0x0000000b popad 0x0000000c pushad 0x0000000d jmp 00007FF1A8DD2187h 0x00000012 jl 00007FF1A8DD2176h 0x00000018 js 00007FF1A8DD2176h 0x0000001e popad 0x0000001f push eax 0x00000020 push edx 0x00000021 jnp 00007FF1A8DD2176h 0x00000027 js 00007FF1A8DD2176h 0x0000002d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1253A23 second address: 1253A31 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FF1A8D4F236h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1253B6C second address: 1253B7A instructions: 0x00000000 rdtsc 0x00000002 jns 00007FF1A8DD2176h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b pushad 0x0000000c popad 0x0000000d pop edi 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1253B7A second address: 1253B8A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007FF1A8D4F236h 0x0000000a jnp 00007FF1A8D4F236h 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1253B8A second address: 1253B8E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1253B8E second address: 1253B99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1253B99 second address: 1253BA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edi 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1253E5D second address: 1253E7F instructions: 0x00000000 rdtsc 0x00000002 jo 00007FF1A8D4F236h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FF1A8D4F248h 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1253E7F second address: 1253E9C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF1A8DD2189h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1253E9C second address: 1253EA0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1253EA0 second address: 1253EAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1254146 second address: 125415F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1A8D4F241h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c pop edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12542A6 second address: 12542AD instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12543DE second address: 1254408 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jmp 00007FF1A8D4F247h 0x0000000a push edi 0x0000000b push esi 0x0000000c pop esi 0x0000000d pop edi 0x0000000e push eax 0x0000000f push edx 0x00000010 jne 00007FF1A8D4F236h 0x00000016 push eax 0x00000017 pop eax 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1254734 second address: 1254749 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jg 00007FF1A8DD2176h 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 pop eax 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1254749 second address: 1254758 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 jc 00007FF1A8D4F236h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 125487C second address: 1254888 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FF1A8DD2176h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1254888 second address: 1254891 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12536C5 second address: 12536C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1259E1F second address: 1259E24 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1259E24 second address: 1259E4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF1A8DD217Bh 0x00000009 jmp 00007FF1A8DD2181h 0x0000000e popad 0x0000000f pushad 0x00000010 push esi 0x00000011 pop esi 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1218A35 second address: 1218A39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1218A39 second address: 1218A43 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FF1A8DD2176h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1218A43 second address: 1218A71 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007FF1A8D4F248h 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 ja 00007FF1A8D4F236h 0x0000001b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1218A71 second address: 1218A75 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1218DBC second address: 1218DC2 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1218DC2 second address: 106374C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1A8DD2184h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FF1A8DD2180h 0x0000000f nop 0x00000010 xor dh, FFFFFFBFh 0x00000013 push dword ptr [ebp+122D0B91h] 0x00000019 and cl, 00000046h 0x0000001c pushad 0x0000001d jmp 00007FF1A8DD217Dh 0x00000022 movsx ebx, cx 0x00000025 popad 0x00000026 call dword ptr [ebp+122D3245h] 0x0000002c pushad 0x0000002d mov dword ptr [ebp+122D3230h], edx 0x00000033 jno 00007FF1A8DD217Ch 0x00000039 xor eax, eax 0x0000003b clc 0x0000003c je 00007FF1A8DD2186h 0x00000042 mov edx, dword ptr [esp+28h] 0x00000046 sub dword ptr [ebp+122D3230h], edi 0x0000004c mov dword ptr [ebp+122D2BA9h], eax 0x00000052 jmp 00007FF1A8DD217Bh 0x00000057 mov esi, 0000003Ch 0x0000005c stc 0x0000005d add esi, dword ptr [esp+24h] 0x00000061 mov dword ptr [ebp+122D3230h], edi 0x00000067 lodsw 0x00000069 sub dword ptr [ebp+122D3230h], eax 0x0000006f add eax, dword ptr [esp+24h] 0x00000073 mov dword ptr [ebp+122D3230h], ebx 0x00000079 clc 0x0000007a mov ebx, dword ptr [esp+24h] 0x0000007e sub dword ptr [ebp+122D3230h], edx 0x00000084 nop 0x00000085 push ebx 0x00000086 push eax 0x00000087 push edx 0x00000088 push edi 0x00000089 pop edi 0x0000008a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1218EC5 second address: 1218ED8 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FF1A8D4F236h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ebx 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f push edi 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1218ED8 second address: 1218EDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1218EDE second address: 1218EEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 mov eax, dword ptr [eax] 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1218EEE second address: 1218EF3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1218F76 second address: 1218F7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12190B3 second address: 12190B9 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12197C8 second address: 12197CE instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12197CE second address: 12197D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12197D4 second address: 12197D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1219B6B second address: 1219BB8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 mov ch, 1Ch 0x0000000a lea eax, dword ptr [ebp+124885BAh] 0x00000010 push 00000000h 0x00000012 push ebp 0x00000013 call 00007FF1A8DD2178h 0x00000018 pop ebp 0x00000019 mov dword ptr [esp+04h], ebp 0x0000001d add dword ptr [esp+04h], 0000001Bh 0x00000025 inc ebp 0x00000026 push ebp 0x00000027 ret 0x00000028 pop ebp 0x00000029 ret 0x0000002a push eax 0x0000002b pushad 0x0000002c jmp 00007FF1A8DD2180h 0x00000031 push eax 0x00000032 push edx 0x00000033 jng 00007FF1A8DD2176h 0x00000039 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1219BB8 second address: 11FA08B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a jo 00007FF1A8D4F23Ch 0x00000010 mov edx, dword ptr [ebp+122D353Ch] 0x00000016 lea eax, dword ptr [ebp+12488576h] 0x0000001c push 00000000h 0x0000001e push edx 0x0000001f call 00007FF1A8D4F238h 0x00000024 pop edx 0x00000025 mov dword ptr [esp+04h], edx 0x00000029 add dword ptr [esp+04h], 0000001Bh 0x00000031 inc edx 0x00000032 push edx 0x00000033 ret 0x00000034 pop edx 0x00000035 ret 0x00000036 jg 00007FF1A8D4F239h 0x0000003c mov dl, bl 0x0000003e nop 0x0000003f push ecx 0x00000040 pushad 0x00000041 push edi 0x00000042 pop edi 0x00000043 push edi 0x00000044 pop edi 0x00000045 popad 0x00000046 pop ecx 0x00000047 push eax 0x00000048 push ecx 0x00000049 jmp 00007FF1A8D4F246h 0x0000004e pop ecx 0x0000004f nop 0x00000050 mov cx, B9CAh 0x00000054 call dword ptr [ebp+122D262Ah] 0x0000005a js 00007FF1A8D4F23Eh 0x00000060 push eax 0x00000061 push eax 0x00000062 push edx 0x00000063 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1258EB1 second address: 1258EB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1258EB9 second address: 1258EBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1258EBE second address: 1258EC5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12C056C second address: 12C0570 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12C0A37 second address: 12C0A3F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push edx 0x00000007 pop edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12C0A3F second address: 12C0A43 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12C0A43 second address: 12C0A49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12C0CD4 second address: 12C0D0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 jno 00007FF1A8DD218Dh 0x0000000d jmp 00007FF1A8DD2180h 0x00000012 push esi 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12C0FDB second address: 12C0FF0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1A8D4F240h 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12D2F34 second address: 12D2F4F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1A8DD2187h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12E388D second address: 12E3897 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007FF1A8D4F236h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12FDD83 second address: 12FDD87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12FCF42 second address: 12FCF46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12FCF46 second address: 12FCF72 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1A8DD2188h 0x00000007 jmp 00007FF1A8DD2180h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12FD239 second address: 12FD248 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FF1A8D4F236h 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12FD248 second address: 12FD252 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FF1A8DD2176h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12FD4F4 second address: 12FD510 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1A8D4F23Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jo 00007FF1A8D4F242h 0x0000000f jng 00007FF1A8D4F236h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12FD631 second address: 12FD651 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF1A8DD217Ch 0x00000009 pop ecx 0x0000000a push esi 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007FF1A8DD217Bh 0x00000012 pop esi 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12FD651 second address: 12FD665 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007FF1A8D4F23Dh 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12FD79D second address: 12FD7A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12FD7A1 second address: 12FD7AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a push esi 0x0000000b pop esi 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12FD7AD second address: 12FD7C3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1A8DD2182h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12FD7C3 second address: 12FD7D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007FF1A8D4F23Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12FD94D second address: 12FD95D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop ebx 0x00000006 jg 00007FF1A8DD2186h 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12FD95D second address: 12FD961 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12FF5A1 second address: 12FF5B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF1A8DD2180h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1301FEF second address: 1301FF5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 13022F6 second address: 13022FC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 13070EC second address: 13070F2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B30D8D second address: 4B30D93 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B30D93 second address: 4B30DAD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF1A8D4F246h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B30DAD second address: 4B30DC1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ecx, dword ptr [eax+00000FDCh] 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B30DC1 second address: 4B30DC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B30DC5 second address: 4B30DCB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B30DCB second address: 4B30E32 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1A8D4F23Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test ecx, ecx 0x0000000b pushad 0x0000000c pushad 0x0000000d jmp 00007FF1A8D4F242h 0x00000012 mov ebx, eax 0x00000014 popad 0x00000015 pushad 0x00000016 jmp 00007FF1A8D4F23Ch 0x0000001b pushfd 0x0000001c jmp 00007FF1A8D4F242h 0x00000021 add eax, 57CAC628h 0x00000027 jmp 00007FF1A8D4F23Bh 0x0000002c popfd 0x0000002d popad 0x0000002e popad 0x0000002f jns 00007FF1A8D4F256h 0x00000035 pushad 0x00000036 push eax 0x00000037 push edx 0x00000038 mov ebx, ecx 0x0000003a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B30E32 second address: 4B30E6A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 movzx ecx, bx 0x00000009 popad 0x0000000a add eax, ecx 0x0000000c jmp 00007FF1A8DD217Fh 0x00000011 mov eax, dword ptr [eax+00000860h] 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007FF1A8DD2185h 0x0000001e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B30E6A second address: 4B30E70 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1213CCF second address: 1213CD5 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1213CD5 second address: 1213CEF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF1A8D4F246h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1213F41 second address: 1213F46 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 1063779 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 10636D9 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 120916B instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 12094D0 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 10613AA instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 12189B7 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 1207BFA instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
    Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
    Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
    Source: C:\Users\user\Desktop\file.exe TID: 5736 Thread sleep time: -30000s >= -30000s
    Source: file.exe, file.exe, 00000000.00000002.2081923320.00000000011E6000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
    Source: file.exe, 00000000.00000002.2081395591.0000000000930000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWEi$
    Source: file.exe, 00000000.00000002.2081395591.00000000008CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2081395591.0000000000921000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
    Source: file.exe, 00000000.00000002.2081923320.00000000011E6000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
    Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation
    Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation

    Anti Debugging

    Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger
    Source: C:\Users\user\Desktop\file.exe Open window title or class name: regmonclass
    Source: C:\Users\user\Desktop\file.exe Open window title or class name: gbdyllo
    Source: C:\Users\user\Desktop\file.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exe Open window title or class name: procmon_window_class
    Source: C:\Users\user\Desktop\file.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exe Open window title or class name: ollydbg
    Source: C:\Users\user\Desktop\file.exe Open window title or class name: filemonclass
    Source: C:\Users\user\Desktop\file.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exe File opened: NTICE
    Source: C:\Users\user\Desktop\file.exe File opened: SICE
    Source: C:\Users\user\Desktop\file.exe File opened: SIWVID
    Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01045BB0 LdrInitializeThunk,0_2_01045BB0

    HIPS / PFW / Operating System Protection Evasion

    Source: file.exe String found in binary or memory: spirittunek.stor
    Source: file.exe String found in binary or memory: bathdoomgaz.stor
    Source: file.exe String found in binary or memory: clearancek.site
    Source: file.exe String found in binary or memory: licendfilteo.site
    Source: file.exe String found in binary or memory: eaglepawnoy.stor
    Source: file.exe String found in binary or memory: mobbipenju.stor
    Source: file.exe String found in binary or memory: studennotediw.stor
    Source: file.exe String found in binary or memory: dissapoiznw.stor
    Source: file.exe, file.exe, 00000000.00000002.2081923320.00000000011E6000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: qProgram Manager
    Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

    Stealing of Sensitive Information

    Source: Yara match File source: decrypted.memstr, type: MEMORYSTR

    Remote Access Functionality

    Source: Yara match File source: decrypted.memstr, type: MEMORYSTR
    Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties
    Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet
    Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media
    Execution: 2 Command and Scripting Interpreter; 1 PowerShell; At; Cron; Launchd; Scheduled Task
    Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
    Privilege Escalation: 1 Process Injection; 1 DLL Side-Loading; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
    Defense Evasion: 24 Virtualization/Sandbox Evasion; 1 Process Injection; 11 Deobfuscate/Decode Files or Information; 4 Obfuscated Files or Information; 12 Software Packing; 1 DLL Side-Loading
    Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials
    Discovery: 631 Security Software Discovery; 24 Virtualization/Sandbox Evasion; 2 Process Discovery; 23 System Information Discovery; Internet Connection Discovery; Wi-Fi Discovery
    Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC
    Collection: 1 Archive Collected Data; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture
    Command and Control: 11 Encrypted Channel; 1 Ingress Tool Transfer; 3 Non-Application Layer Protocol; 114 Application Layer Protocol; Fallback Channels; Multiband Communication
    Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits
    Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop

    Source    Detection  Scanner         Label
    file.exe  100%       Avira           TR/Crypt.ZPACK.Gen
    file.exe  100%       Joe Sandbox ML
    No Antivirus matches
                                                          unknown
                                                          https://steamcommunity.com/profiles/765611997243319009Ufile.exe, 00000000.00000002.2081395591.0000000000921000.00000004.00000020.00020000.00000000.sdmptrue
                                                            unknown
                                                            https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&amp;l=englishfile.exe, 00000000.00000003.2073515462.0000000000956000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2073478298.00000000009A0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • URL Reputation: safe
                                                            unknown
                                                            https://community.akamai.steamstatic.com/public/shared/css/shared_globafile.exe, 00000000.00000003.2073515462.0000000000956000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              unknown
                                                              http://store.steampowered.com/privacy_agreement/file.exe, 00000000.00000002.2081681504.00000000009AC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2073478298.00000000009A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              unknown
                                                              https://community.akamfile.exe, 00000000.00000003.2073515462.0000000000956000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                unknown
                                                                https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=M7aUfile.exe, 00000000.00000003.2073478298.00000000009A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  unknown
                                                                  https://community.akamai.steamstatic.com/public/shared/css/motiva_sanfile.exe, 00000000.00000003.2073515462.0000000000956000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    unknown
                                                                    https://store.steampowered.com/points/shop/file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    unknown
                                                                    https://steamcommunity.com/profiles/76561199724331900/inventory/file.exe, 00000000.00000003.2073515462.0000000000956000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2073478298.00000000009A0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmptrue
                                                                    • URL Reputation: malware
                                                                    unknown
                                                                    https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpgfile.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    unknown
                                                                    https://community.akamai.steamstatic.com/publifile.exe, 00000000.00000003.2073515462.0000000000956000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      unknown
                                                                      https://store.steampowered.com/privacy_agreement/file.exe, 00000000.00000003.2073478298.00000000009A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      unknown
                                                                      https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&amp;l=enfile.exe, 00000000.00000003.2073515462.0000000000956000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2073478298.00000000009A0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      unknown
                                                                      https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0file.exe, 00000000.00000003.2073515462.0000000000956000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2073478298.00000000009A0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      unknown
                                                                      https://sergei-esenin.com:443/apifile.exe, 00000000.00000002.2081395591.000000000090E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        unknown
                                                                        https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=2Ih2WOq7ErXY&afile.exe, 00000000.00000003.2073478298.00000000009A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          unknown
                                                                          https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&amfile.exe, 00000000.00000003.2073515462.0000000000956000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2073478298.00000000009A0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          unknown
                                                                          https://community.akamai.steamstw&file.exe, 00000000.00000003.2073515462.0000000000956000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            unknown
                                                                            https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;l=englishfile.exe, 00000000.00000003.2073515462.0000000000956000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2073478298.00000000009A0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            unknown
                                                                            https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&amp;l=englishfile.exe, 00000000.00000003.2073515462.0000000000956000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2073478298.00000000009A0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            unknown
                                                                            https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.pngfile.exe, 00000000.00000003.2073478298.00000000009A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            unknown
                                                                            https://avatars.akamai.steamstaticfile.exe, 00000000.00000003.2073515462.0000000000956000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              unknown
                                                                              https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&amp;l=englisfile.exe, 00000000.00000003.2073515462.0000000000956000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2073478298.00000000009A0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              unknown
                                                                              https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhCfile.exe, 00000000.00000003.2073515462.0000000000956000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2073478298.00000000009A0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              unknown
                                                                              https://sergei-esenin.com/Sfile.exe, 00000000.00000003.2073515462.0000000000956000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                unknown
                                                                                https://store.steampowered.com/about/file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                unknown
                                                                                https://steamcommunity.com/my/wishlist/file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  unknown
                                                                                  https://mobbipenju.store/apiEfile.exe, 00000000.00000002.2081395591.0000000000905000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    unknown
                                                                                    https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&amp;l=englishfile.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    • URL Reputation: safe
                                                                                    unknown
                                                                                    https://help.steampowered.com/en/file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    • URL Reputation: safe
                                                                                    unknown
                                                                                    https://steamcommunity.com/market/file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      unknown
                                                                                      https://store.steampowered.com/news/file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      unknown
                                                                                      https://community.akamai.steamstatic.com/public/javascript/g&file.exe, 00000000.00000003.2073515462.0000000000956000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        unknown
                                                                                        http://store.steampowered.com/subscriber_agreement/file.exe, 00000000.00000002.2081681504.00000000009AC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2073478298.00000000009A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        unknown
                                                                                        https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgfile.exe, 00000000.00000002.2081681504.00000000009AC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2073478298.00000000009A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          unknown
                                                                                          https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          • URL Reputation: safe
                                                                                          unknown
                                                                                          https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&amp;l=enfile.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          • URL Reputation: safe
                                                                                          unknown
                                                                                          https://sergei-esenin.com/apiUfile.exe, 00000000.00000002.2081681504.00000000009AC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2073478298.00000000009A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            unknown
                                                                                            https://steamcommunity.com/discussions/file.exe, 00000000.00000003.2073515462.0000000000956000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2073478298.00000000009A0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              unknown
                                                                                              https://store.steampowered.com/stats/file.exe, 00000000.00000003.2073515462.0000000000956000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2073478298.00000000009A0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              • URL Reputation: safe
                                                                                              unknown
                                                                                              https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1file.exe, 00000000.00000002.2081681504.00000000009AC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2073478298.00000000009A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              • URL Reputation: safe
                                                                                              unknown
                                                                                              https://store.steampowered.com/steam_refunds/file.exe, 00000000.00000003.2073478298.00000000009A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              • URL Reputation: safe
                                                                                              unknown
                                                                                              https://community.akamai.steamstatic.cofile.exe, 00000000.00000003.2073515462.0000000000956000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                unknown
                                                                                                https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900file.exe, 00000000.00000003.2073478298.00000000009A0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  unknown
                                                                                                  https://community.akaw$file.exe, 00000000.00000003.2073515462.0000000000956000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    unknown
                                                                                                    https://steamcommunity.com/workshop/file.exe, 00000000.00000003.2073515462.0000000000956000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2073478298.00000000009A0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      unknown
                                                                                                      https://store.steampowered.com/legal/file.exe, 00000000.00000002.2081681504.00000000009AC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2073478298.00000000009A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&amp;l=efile.exe, 00000000.00000003.2073515462.0000000000956000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2073478298.00000000009A0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=Gu9gs5hffile.exe, 00000000.00000003.2073478298.00000000009A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        unknown
                                                                                                        https://community.akamai.steamstatic.com/public/sharel#file.exe, 00000000.00000003.2073515462.0000000000956000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          unknown
                                                                                                          https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvfile.exe, 00000000.00000003.2073515462.0000000000956000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2073478298.00000000009A0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          unknown
                                                                                                          https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=englfile.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          unknown
                                                                                                          https://steamcommunity.cfile.exe, 00000000.00000003.2073515462.0000000000956000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            unknown
                                                                                                            https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=IZH_ONwLX4kw&amp;l=efile.exe, 00000000.00000003.2073515462.0000000000956000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2073478298.00000000009A0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              unknown
                                                                                                              https://store.steampowered.com/file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvwfile.exe, 00000000.00000003.2073515462.0000000000956000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2073478298.00000000009A0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              https://avatars.akamai.file.exe, 00000000.00000003.2073515462.0000000000956000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2081618336.0000000000956000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                unknown
IP | Domain | Country | ASN | ASN Name | Malicious
104.102.49.254 | steamcommunity.com | United States | 16625 | AKAMAI-ASUS | true
172.67.206.204 | sergei-esenin.com | United States | 13335 | CLOUDFLARENETUS | true
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1531319
Start date and time: 2024-10-11 01:49:09 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 2m 41s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 2
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: file.exe
Detection: MAL
Classification: mal100.troj.evad.winEXE@1/0@10/2
EGA Information:
• Successful, ratio: 100%
HCA Information: Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Stop behavior analysis, all processes terminated
• Exclude process from analysis (whitelisted): dllhost.exe
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• VT rate limit hit for: file.exe
Time | Type | Description
19:50:00 | API Interceptor | 2x Sleep call for process: file.exe modified
                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                    104.102.49.254http://gtm-cn-j4g3qqvf603.steamproxy1.com/Get hashmaliciousUnknownBrowse
                                                                                                                                    • www.valvesoftware.com/legal.htm
                                                                                                                                    172.67.206.204file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                        Set-up.exeGet hashmaliciousLummaCBrowse
                                                                                                                                          Set-up.exeGet hashmaliciousLummaCBrowse
                                                                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                  file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                    zYlQoif21X.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, StealcBrowse
                                                                                                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                        sergei-esenin.comfile.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.21.53.8
                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 172.67.206.204
                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 172.67.206.204
                                                                                                                                                        Set-up.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 172.67.206.204
                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.21.53.8
                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.21.53.8
                                                                                                                                                        Set-up.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 172.67.206.204
                                                                                                                                                        Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.21.53.8
                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 172.67.206.204
                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 172.67.206.204
                                                                                                                                                        steamcommunity.comfile.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.102.49.254
                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 23.192.247.89
                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 23.50.98.133
                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 23.192.247.89
                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 23.192.247.89
                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 23.197.127.21
                                                                                                                                                        Set-up.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 23.197.127.21
                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.102.49.254
                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.102.49.254
                                                                                                                                                        ASmartCore_[1MB]_[unsign].exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 23.192.247.89
                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                        CLOUDFLARENETUSlv961v43L3.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                                                        • 188.114.96.3
                                                                                                                                                        http://fastuniversaldelivery.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                        • 172.67.15.14
                                                                                                                                                        https://keysmix.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                        • 104.18.28.104
                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.21.53.8
                                                                                                                                                        https://form.jotform.com/242814004861047Get hashmaliciousUnknownBrowse
                                                                                                                                                        • 104.22.73.81
                                                                                                                                                        https://megawishbone.nl/Get hashmaliciousHtmlDropperBrowse
                                                                                                                                                        • 104.21.61.119
                                                                                                                                                        https://soloist.ai/trigwiki23Get hashmaliciousUnknownBrowse
                                                                                                                                                        • 104.16.123.96
                                                                                                                                                        https://url.us.m.mimecastprotect.com/s/i78SCER7VQSp6YXNRsNfJF7h3vl?domain=customervoice.microsoft.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                        • 104.21.53.126
                                                                                                                                                        https://ercdz.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                        • 172.67.130.38
                                                                                                                                                        https://ericstates.org/Get hashmaliciousUnknownBrowse
                                                                                                                                                        • 162.159.140.229
                                                                                                                                                        AKAMAI-ASUSfile.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 104.102.49.254
                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 23.192.247.89
                                                                                                                                                        https://purefitness.co.tz/coolimages/img/?action=validate&539=bWljaGFlbC5jaHVAbGNhdHRlcnRvbi5jb20=&r1=pending&r2=page&real=actGet hashmaliciousUnknownBrowse
                                                                                                                                                        • 184.28.57.75
                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 23.50.98.133
                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 23.192.247.89
                                                                                                                                                        bc3c228ad2c13f96cb14375c3860e802.pdfGet hashmaliciousUnknownBrowse
                                                                                                                                                        • 95.100.50.221
                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 23.192.247.89
                                                                                                                                                        original (1).emlGet hashmaliciousUnknownBrowse
                                                                                                                                                        • 2.19.126.151
                                                                                                                                                        brayton HR Bulletin_270852_3BU4-ZSJO2U-JMY3.pdfGet hashmaliciousUnknownBrowse
                                                                                                                                                        • 23.203.104.175
                                                                                                                                                        vEOTtk6FeG.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                        • 184.50.185.53
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| a0e9f5d64349fb13191bc781f81f42e1 | file.exe | malicious | LummaC | 104.102.49.254, 172.67.206.204 |
                                                                                                                                                        No context
                                                                                                                                                        No created / dropped files found
File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 7.947789216879279
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: file.exe
File size: 1'876'480 bytes
MD5: e6b88cfb16f5d19478b9e6ee844dde1a
SHA1: 992f55cffffc876755399d77175ccf53f2a02531
SHA256: 84cdf009832cce6906bd5ea127064e4e2d26fb8b4833bed93c8e208cd94e1938
SHA512: 22af212b8cd9124bc32f952397307fbabb7d1da6ab9bb578d9d6e24d160a1a90a5504d194903e11a1d99ff67321fbf782b25ce69b266f0fc9b55a547c7264e04
SSDEEP: 49152:YV0PdodMmfm3ydYhYi5ZtKGAsxkIP/JUfj+Kx6NupLf6:YCodt+3naJcDKNpLf
TLSH: 999533A484EF096AE495BE3C4223DC559754ECED88560134331B61B1CCF6EF1B391E6E
                                                                                                                                                        File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...J..f.............................0K...........@..........................`K.....$.....@.................................W...k..
Icon Hash: 00928e8e8686b000
Entrypoint: 0x8b3000
Entrypoint Section: .taggant
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp: 0x66FFF14A [Fri Oct 4 13:44:42 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 6
OS Version Minor: 0
File Version Major: 6
File Version Minor: 0
Subsystem Version Major: 6
Subsystem Version Minor: 0
Import Hash: 2eabe9054cad5152567f0699947a2c5b
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x5f057 | 0x6b | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x5f1f8 | 0x8 | .idata |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
|  | 0x1000 | 0x5d000 | 0x25e00 | 6b8e64bc61dd5a9de01926e0e58f4106 | False | 0.9995487830033003 | data | 7.977907503208551 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x5e000 | 0x1000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0x5f000 | 0x1000 | 0x200 | fe72def8b74193a84232a780098a7ce0 | False | 0.150390625 | data | 1.04205214219471 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
|  | 0x60000 | 0x2b1000 | 0x200 | 4d482955e057b89e483677b9f757838b | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| pifixlui | 0x311000 | 0x1a1000 | 0x1a0a00 | 251c2dcf84afe032cba16958b387f97b | False | 0.9943070478922892 | data | 7.953483377760076 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| ntcibuer | 0x4b2000 | 0x1000 | 0x400 | 2c0907408fe9248c449f170e49a7c555 | False | 0.7294921875 | data | 5.813649526505436 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .taggant | 0x4b3000 | 0x3000 | 0x2200 | 92e587ceb4feb9af6411b37637e5a8e5 | False | 0.05193014705882353 | DOS executable (COM) | 0.5277417843373009 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |

| DLL | Import |
|---|---|
| kernel32.dll | lstrcpy |

| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-10-11T01:50:01.874815+0200 | 2056471 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) | 1 | 192.168.2.5 | 50120 | 1.1.1.1 | 53 | UDP |
| 2024-10-11T01:50:01.898772+0200 | 2056485 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) | 1 | 192.168.2.5 | 63349 | 1.1.1.1 | 53 | UDP |
| 2024-10-11T01:50:01.912136+0200 | 2056483 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) | 1 | 192.168.2.5 | 53998 | 1.1.1.1 | 53 | UDP |
| 2024-10-11T01:50:01.922623+0200 | 2056481 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) | 1 | 192.168.2.5 | 50980 | 1.1.1.1 | 53 | UDP |
| 2024-10-11T01:50:01.932833+0200 | 2056479 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) | 1 | 192.168.2.5 | 56542 | 1.1.1.1 | 53 | UDP |
| 2024-10-11T01:50:01.952348+0200 | 2056477 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) | 1 | 192.168.2.5 | 60020 | 1.1.1.1 | 53 | UDP |
| 2024-10-11T01:50:01.964183+0200 | 2056475 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) | 1 | 192.168.2.5 | 61108 | 1.1.1.1 | 53 | UDP |
| 2024-10-11T01:50:01.976240+0200 | 2056473 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) | 1 | 192.168.2.5 | 60921 | 1.1.1.1 | 53 | UDP |
| 2024-10-11T01:50:03.534551+0200 | 2858666 | ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup | 1 | 192.168.2.5 | 49704 | 104.102.49.254 | 443 | TCP |
| 2024-10-11T01:50:04.600620+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.5 | 49705 | 172.67.206.204 | 443 | TCP |
| 2024-10-11T01:50:04.600620+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.5 | 49705 | 172.67.206.204 | 443 | TCP |

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Oct 11, 2024 01:50:01.874814987 CEST | 192.168.2.5 | 1.1.1.1 | 0x465c | Standard query (0) | clearancek.site | A (IP address) | IN (0x0001) | false |
| Oct 11, 2024 01:50:01.898772001 CEST | 192.168.2.5 | 1.1.1.1 | 0x256c | Standard query (0) | mobbipenju.store | A (IP address) | IN (0x0001) | false |
| Oct 11, 2024 01:50:01.912136078 CEST | 192.168.2.5 | 1.1.1.1 | 0x105d | Standard query (0) | eaglepawnoy.store | A (IP address) | IN (0x0001) | false |
| Oct 11, 2024 01:50:01.922622919 CEST | 192.168.2.5 | 1.1.1.1 | 0x3f15 | Standard query (0) | dissapoiznw.store | A (IP address) | IN (0x0001) | false |
| Oct 11, 2024 01:50:01.932832956 CEST | 192.168.2.5 | 1.1.1.1 | 0xc975 | Standard query (0) | studennotediw.store | A (IP address) | IN (0x0001) | false |
| Oct 11, 2024 01:50:01.952347994 CEST | 192.168.2.5 | 1.1.1.1 | 0xbdc2 | Standard query (0) | bathdoomgaz.store | A (IP address) | IN (0x0001) | false |
| Oct 11, 2024 01:50:01.964183092 CEST | 192.168.2.5 | 1.1.1.1 | 0xf7a | Standard query (0) | spirittunek.store | A (IP address) | IN (0x0001) | false |
| Oct 11, 2024 01:50:01.976239920 CEST | 192.168.2.5 | 1.1.1.1 | 0x28fe | Standard query (0) | licendfilteo.site | A (IP address) | IN (0x0001) | false |
| Oct 11, 2024 01:50:01.988692045 CEST | 192.168.2.5 | 1.1.1.1 | 0x37fa | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false |
| Oct 11, 2024 01:50:03.672843933 CEST | 192.168.2.5 | 1.1.1.1 | 0x18f6 | Standard query (0) | sergei-esenin.com | A (IP address) | IN (0x0001) | false |

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Oct 11, 2024 01:50:01.894977093 CEST | 1.1.1.1 | 192.168.2.5 | 0x465c | Name error (3) | clearancek.site | none | none | A (IP address) | IN (0x0001) | false |
| Oct 11, 2024 01:50:01.909954071 CEST | 1.1.1.1 | 192.168.2.5 | 0x256c | Name error (3) | mobbipenju.store | none | none | A (IP address) | IN (0x0001) | false |
| Oct 11, 2024 01:50:01.921468019 CEST | 1.1.1.1 | 192.168.2.5 | 0x105d | Name error (3) | eaglepawnoy.store | none | none | A (IP address) | IN (0x0001) | false |
| Oct 11, 2024 01:50:01.931550026 CEST | 1.1.1.1 | 192.168.2.5 | 0x3f15 | Name error (3) | dissapoiznw.store | none | none | A (IP address) | IN (0x0001) | false |
| Oct 11, 2024 01:50:01.941378117 CEST | 1.1.1.1 | 192.168.2.5 | 0xc975 | Name error (3) | studennotediw.store | none | none | A (IP address) | IN (0x0001) | false |
| Oct 11, 2024 01:50:01.961361885 CEST | 1.1.1.1 | 192.168.2.5 | 0xbdc2 | Name error (3) | bathdoomgaz.store | none | none | A (IP address) | IN (0x0001) | false |
| Oct 11, 2024 01:50:01.974121094 CEST | 1.1.1.1 | 192.168.2.5 | 0xf7a | Name error (3) | spirittunek.store | none | none | A (IP address) | IN (0x0001) | false |
| Oct 11, 2024 01:50:01.984819889 CEST | 1.1.1.1 | 192.168.2.5 | 0x28fe | Name error (3) | licendfilteo.site | none | none | A (IP address) | IN (0x0001) | false |
| Oct 11, 2024 01:50:01.995938063 CEST | 1.1.1.1 | 192.168.2.5 | 0x37fa | No error (0) | steamcommunity.com |  | 104.102.49.254 | A (IP address) | IN (0x0001) | false |
| Oct 11, 2024 01:50:03.682460070 CEST | 1.1.1.1 | 192.168.2.5 | 0x18f6 | No error (0) | sergei-esenin.com |  | 172.67.206.204 | A (IP address) | IN (0x0001) | false |
| Oct 11, 2024 01:50:03.682460070 CEST | 1.1.1.1 | 192.168.2.5 | 0x18f6 | No error (0) | sergei-esenin.com |  | 104.21.53.8 | A (IP address) | IN (0x0001) | false |

• steamcommunity.com
• sergei-esenin.com

| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.5 | 49704 | 104.102.49.254 | 443 | 6300 | C:\Users\user\Desktop\file.exe |

Timestamp | Bytes transferred | Direction | Data
2024-10-10 23:50:03 UTC | 219 | OUT | GET /profiles/76561199724331900 HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Host: steamcommunity.com
2024-10-10 23:50:03 UTC | 1870 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Date: Thu, 10 Oct 2024 23:50:03 GMT
Content-Length: 34837
                                                                                                                                                        Connection: close
                                                                                                                                                        Set-Cookie: sessionid=d734de59715f896a50b91f30; Path=/; Secure; SameSite=None
                                                                                                                                                        Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
2024-10-10 23:50:03 UTC | 14514 | IN | Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-10-10 23:50:03 UTC | 16384 | IN | Data Ascii: <script type="text/javascript">jQuery(function($) {$('#global_header .supernav').v_tooltip({'location':'bottom', 'destroyWhenDone': false, 'tooltipClass': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#glo
2024-10-10 23:50:03 UTC | 3768 | IN | Data Ascii: <div class="profile_summary_footer"><span data-panel="{&quot;focusable&quot;:true,&quot;clickOnActivate&quot;:true}" class="whiteLink" class="whiteLink">View more info</span></div><script type="text/javascript"> $J( function()
2024-10-10 23:50:03 UTC | 171 | IN | Data Ascii: <span>View mobile website</span></div></div></div></div>... responsive_page_content --></div>... responsive_page_frame --></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49705 | 172.67.206.204 | 443 | 6300 | C:\Users\user\Desktop\file.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-10 23:50:04 UTC | 264 | OUT | POST /api HTTP/1.1
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                        Content-Length: 8
                                                                                                                                                        Host: sergei-esenin.com
2024-10-10 23:50:04 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                                        Data Ascii: act=life
2024-10-10 23:50:04 UTC | 827 | IN | HTTP/1.1 200 OK
                                                                                                                                                        Date: Thu, 10 Oct 2024 23:50:04 GMT
                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                        Connection: close
                                                                                                                                                        Set-Cookie: PHPSESSID=hthfok49c33n83cginpcdu7r6r; expires=Mon, 03 Feb 2025 17:36:43 GMT; Max-Age=9999999; path=/
                                                                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        cf-cache-status: DYNAMIC
                                                                                                                                                        vary: accept-encoding
                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5vrauZlmVPZ5ZE8T5%2Bk9g4y9wz2JRGCsI%2BxFqLLcjiLQk8L8yRcnicqqgPIWLVly1FWSMcjVBsgoWMg004n7OG875U3aoKG6GIpc%2BTiYqGwIOmeoxM8ZCMGX4SI7bEmrYo3wuA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                        Server: cloudflare
                                                                                                                                                        CF-RAY: 8d0a82b47d5f17e1-EWR
                                                                                                                                                        alt-svc: h3=":443"; ma=86400
2024-10-10 23:50:04 UTC | 15 | IN | Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a
                                                                                                                                                        Data Ascii: aerror #D12
2024-10-10 23:50:04 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                        Data Ascii: 0



                                                                                                                                                        Target ID:0
                                                                                                                                                        Start time:19:49:59
                                                                                                                                                        Start date:10/10/2024
                                                                                                                                                        Path:C:\Users\user\Desktop\file.exe
                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                        Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                                                                                        Imagebase:0x1000000
                                                                                                                                                        File size:1'876'480 bytes
                                                                                                                                                        MD5 hash:E6B88CFB16F5D19478B9E6EE844DDE1A
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Reputation:low
                                                                                                                                                        Has exited:true


                                                                                                                                                          Execution Graph

                                                                                                                                                          Execution Coverage:1%
                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                          Signature Coverage:56.2%
                                                                                                                                                          Total number of Nodes:48
                                                                                                                                                          Total number of Limit Nodes:6

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          APIs
                                                                                                                                                          • LoadLibraryExW.KERNEL32(19A41BB1,00000000,00000800), ref: 01045182
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1000000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: LibraryLoad
                                                                                                                                                          • String ID: <I$)$<I$)$@^
                                                                                                                                                          • API String ID: 1029625771-935358343
                                                                                                                                                          • Opcode ID: 221565c9f3d491e56fe37c6a8b47716dd2a14b6169154e54a9d5baa5c5850086
                                                                                                                                                          • Instruction ID: 74a49c22a1fcc729aef91e354bac0ad7b3d1cd5e58dac49fdcbaa358fe05254e
                                                                                                                                                          • Opcode Fuzzy Hash: 221565c9f3d491e56fe37c6a8b47716dd2a14b6169154e54a9d5baa5c5850086
                                                                                                                                                          • Instruction Fuzzy Hash: 7121AE751083848FC310DF68E88166ABBF4BB6A340F69882CE1C5D7352D736D915CB56

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1000000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: J|BJ$V$VY^_$t
                                                                                                                                                          • API String ID: 0-3701112211
                                                                                                                                                          • Opcode ID: 7429bbd0af04fdd219b83c3fcb9d5ce7028083df21bf0bddc7a4785fbee5e7e4
                                                                                                                                                          • Instruction ID: c3e2db823b15f1bd771ff3518a60eda2aba229f9403bfbf817509d6db3faed1a
                                                                                                                                                          • Opcode Fuzzy Hash: 7429bbd0af04fdd219b83c3fcb9d5ce7028083df21bf0bddc7a4785fbee5e7e4
                                                                                                                                                          • Instruction Fuzzy Hash: 0ED19B7450C3819BE321DF18C49466FBFE1AF92B48F18885CF5C98B25AD339C949DB92

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          [Figure: control-flow graph 157, first block 100d110-100d11b]
                                                                                                                                                          APIs
                                                                                                                                                          • ExitProcess.KERNEL32(00000000), ref: 0100D2F1
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1000000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ExitProcess
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 621844428-0
                                                                                                                                                          • Opcode ID: 566ea863f811b70a03237fa9f4bcc8130f036c48fa3e9e198200fbad25a48d08
                                                                                                                                                          • Instruction ID: e4abee5e5c1330c72fd7d2bfa2b0a5627c815b19b8b1e3a213daefc86d94b588
                                                                                                                                                          • Opcode Fuzzy Hash: 566ea863f811b70a03237fa9f4bcc8130f036c48fa3e9e198200fbad25a48d08
                                                                                                                                                          • Instruction Fuzzy Hash: 1441667440D340ABE302BFA8D584A2EFFF5AF62614F188C5CE5C497292C73AD8109B67

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          [Figure: control-flow graph 212, single block 1045bb0-1045be2 (LdrInitializeThunk)]
                                                                                                                                                          APIs
                                                                                                                                                          • LdrInitializeThunk.NTDLL(0104973D,005C003F,00000006,?,?,00000018,8C8D8A8B,?,?), ref: 01045BDE
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1000000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                          • Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                                                                                                                          • Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
                                                                                                                                                          • Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                                                                                                                          • Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          [Figure: control-flow graph 241, first block 104695b-104696b]
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1000000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: @
                                                                                                                                                          • API String ID: 0-2766056989
                                                                                                                                                          • Opcode ID: 2fcc72573fc88b066fe53b307ce0fc75a74acce130a4bc1a371ed252df2f86c5
                                                                                                                                                          • Instruction ID: 37498f5d15ecc40ae52032ad12b9ea96b7127f5a27bc16423c89716276c717f5
                                                                                                                                                          • Opcode Fuzzy Hash: 2fcc72573fc88b066fe53b307ce0fc75a74acce130a4bc1a371ed252df2f86c5
                                                                                                                                                          • Instruction Fuzzy Hash: 2B31A9B15183019FE758EF19D8A072BBBF1FF86344F08882CE5C687291E33A9914CB56

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          [Figure: control-flow graph 261, first block 101049b-1010515]
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1000000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: b9848ca273add3d1899e7920b28278ae6c83b79bd7dfb1b696caaf6c676216f6
                                                                                                                                                          • Instruction ID: c9fe7637496096a71918429ca3a83dbe1392a9a7a69b8bec3cca314e50680ef3
                                                                                                                                                          • Opcode Fuzzy Hash: b9848ca273add3d1899e7920b28278ae6c83b79bd7dfb1b696caaf6c676216f6
                                                                                                                                                          • Instruction Fuzzy Hash: 15917AB5200701DFD334CF25E890A27B7F6FF89314B118A6CE8968BA95DB39E855CB50

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          [Figure: control-flow graph 315, first block 1010228-101023b]
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
• Associated: 00000000.00000002.2081870578.0000000001000000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081923320.0000000001060000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081923320.00000000011E6000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081923320.00000000012CD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081923320.00000000012F9000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081923320.0000000001301000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081923320.0000000001311000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2082212544.0000000001312000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2082327601.00000000014B2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2082345210.00000000014B3000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1000000_file.jbxd
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1000000_file.jbxd
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1000000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1000000_file.jbxd

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          • Executed
                                                                                                                                                          • Not Executed
                                                                                                                                                          control_flow_graph 202 1043220-104322f 203 1043236-1043252 202->203 204 10432a0 202->204 205 10432a2-10432a6 RtlFreeHeap 202->205 206 10432ac-10432b0 202->206 207 1043254 203->207 208 1043286-1043296 203->208 204->205 205->206 209 1043260-1043284 call 1045af0 207->209 208->204 209->208
                                                                                                                                                          APIs
                                                                                                                                                          • RtlFreeHeap.NTDLL(?,00000000), ref: 010432A6
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1000000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: FreeHeap
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3298025750-0

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          • Executed
                                                                                                                                                          • Not Executed
                                                                                                                                                          control_flow_graph 213 1043202-1043211 RtlAllocateHeap
                                                                                                                                                          APIs
                                                                                                                                                          • RtlAllocateHeap.NTDLL(?,00000000), ref: 01043208
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1000000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AllocateHeap
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1279760036-0
                                                                                                                                                          • Opcode ID: 8334410b50467eb8273dff151427bbeace912c55d43c72bb01bfb018454c847d
                                                                                                                                                          • Instruction ID: 19d24441aeb92577d124d29e6b0f4529dd31dfd23e05df51c95d007878ea213f
                                                                                                                                                          • Opcode Fuzzy Hash: 8334410b50467eb8273dff151427bbeace912c55d43c72bb01bfb018454c847d
                                                                                                                                                          • Instruction Fuzzy Hash: 1CB012300401005FDB141B00EC0AF013510FB00605F800050A100040B1E1665864D755
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                           • Associated: 00000000.00000002.2081870578.0000000001000000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                           • Associated: 00000000.00000002.2081923320.0000000001060000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                           • Associated: 00000000.00000002.2081923320.00000000011E6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                           • Associated: 00000000.00000002.2081923320.00000000012CD000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                           • Associated: 00000000.00000002.2081923320.00000000012F9000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                           • Associated: 00000000.00000002.2081923320.0000000001301000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                           • Associated: 00000000.00000002.2081923320.0000000001311000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                           • Associated: 00000000.00000002.2082212544.0000000001312000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                           • Associated: 00000000.00000002.2082327601.00000000014B2000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                           • Associated: 00000000.00000002.2082345210.00000000014B3000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1000000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                          • String ID: %*+($()./$89&'$89>?$:WUE$<=2$<=:;$@ONM$AR$D$DCBA$LKJI$QNOL$T$WP$`Y^_$`onm$dcba$lkji$mjkh$tsrq$tuJK$xgfe$|
                                                                                                                                                          • API String ID: 2994545307-1418943773
                                                                                                                                                          • Opcode ID: 50b0167ba0a4cea4d422e0aa242af7525e77b670bb255e7cda0113d7911e5557
                                                                                                                                                          • Instruction ID: 543d98b5ee6985c54bf24d80e8fd40e24ed467236fcac28ed711f7bae991475c
                                                                                                                                                          • Opcode Fuzzy Hash: 50b0167ba0a4cea4d422e0aa242af7525e77b670bb255e7cda0113d7911e5557
                                                                                                                                                          • Instruction Fuzzy Hash: EFF27AB05093829BD7B1CF18C484BAFBBE2BFD5304F54486CE9C98B255D7399885CB92
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1000000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: %*+($3<$:$Cx$`tii$aenQ$f@~!$fedc$ggxz$mlc@${l`~$|}&C
                                                                                                                                                          • API String ID: 0-786070067
                                                                                                                                                          • Opcode ID: 122411c73d3f30b4be6864d6093ac951917dd497f89e48295d2fabb29b2a33b9
                                                                                                                                                          • Instruction ID: 6535de2adbfda905611dc3f17cc85faef64a7691f7fca519234ed9730c6b5d9a
                                                                                                                                                          • Opcode Fuzzy Hash: 122411c73d3f30b4be6864d6093ac951917dd497f89e48295d2fabb29b2a33b9
                                                                                                                                                          • Instruction Fuzzy Hash: 0F33DC70504B81CFE7658F38C590762BBE5BF96304F58899DD4DA8BB82C736E806CB61
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1000000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: %e6g$(a*c$=]$?m,o$CG$Gt$JG$N[$WH$]{$hi$kW$/)$S]$WQ$_Y$sm
                                                                                                                                                          • API String ID: 0-1131134755
                                                                                                                                                          • Opcode ID: f975b6736105b6e4cc7c34d8eeee0809792ed22823fc73601e63d419a104e094
                                                                                                                                                          • Instruction ID: 74c7c117204a74edd46822f51d5cef4a5413a7bfb42382aae3feea08901fb430
                                                                                                                                                          • Opcode Fuzzy Hash: f975b6736105b6e4cc7c34d8eeee0809792ed22823fc73601e63d419a104e094
                                                                                                                                                          • Instruction Fuzzy Hash: A652B6B814D385CAE270CF25D681B8EBAF1BB92740F609A1DE1ED5B255DBB08045CF93
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1000000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: !E4G$,A&C$2A"_$8;$;IJK$?M0K$B7U1$B?Q9$G'M!$G+X5$L3Y=$O+f)$T#a-$X/R)$pq$z=Q?
                                                                                                                                                          • API String ID: 0-655414846
                                                                                                                                                          • Opcode ID: b3c8812b638225496961bf5cb5f4dcdc82fc78633ad22027450561652e081efa
                                                                                                                                                          • Instruction ID: 21a3c69d616c04342808223857841e364cd3220b899c4174c5cebc2ea8364182
                                                                                                                                                          • Opcode Fuzzy Hash: b3c8812b638225496961bf5cb5f4dcdc82fc78633ad22027450561652e081efa
                                                                                                                                                          • Instruction Fuzzy Hash: 45F14EB0508391ABE310DF19D880A2BBBF4FB9AB48F444D1CF5D99B252D375D908CB96
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1000000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: %*+($)IgK$,Q?S$-M2O$<Y.[$=]+_$Y9N;$hX]N$n\+H$upH}${E
                                                                                                                                                          • API String ID: 0-1557708024
                                                                                                                                                          • Opcode ID: c9f9b885762b89ad18bebdc10594fccebaf0c790abac61c88bfb6a161d856217
                                                                                                                                                          • Instruction ID: 93abdc975d4b632b63b0c9b0271e39198967b2b4187c3cc98292c83e280b7717
                                                                                                                                                          • Opcode Fuzzy Hash: c9f9b885762b89ad18bebdc10594fccebaf0c790abac61c88bfb6a161d856217
                                                                                                                                                          • Instruction Fuzzy Hash: 2E92E271E00215CFDB14CF68D8907AEBBB2FF49314F2982A9D496AB391D735AD41CB90
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081923320.0000000001060000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                           • Associated: 00000000.00000002.2081870578.0000000001000000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                           • Associated: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                           • Associated: 00000000.00000002.2081923320.00000000011E6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                           • Associated: 00000000.00000002.2081923320.00000000012CD000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                           • Associated: 00000000.00000002.2081923320.00000000012F9000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                           • Associated: 00000000.00000002.2081923320.0000000001301000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                           • Associated: 00000000.00000002.2081923320.0000000001311000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                           • Associated: 00000000.00000002.2082212544.0000000001312000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                           • Associated: 00000000.00000002.2082327601.00000000014B2000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                           • Associated: 00000000.00000002.2082345210.00000000014B3000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1000000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: 'qVk$S)=w$_~z$vGR#$w:Pw$zzy$}(f$~D~$=wW$^/w
                                                                                                                                                          • API String ID: 0-2051969475
                                                                                                                                                          • Opcode ID: 5d8a540f3c73c86ae7fdc2b19f9a9fb2330cc69487d7898f688892925da85cf4
                                                                                                                                                          • Instruction ID: 9b5e34e6b0d8d8ca84851f028d00226c9eb0e360572d7fdacfc9db24ed5e7830
                                                                                                                                                          • Opcode Fuzzy Hash: 5d8a540f3c73c86ae7fdc2b19f9a9fb2330cc69487d7898f688892925da85cf4
                                                                                                                                                          • Instruction Fuzzy Hash: F6B2F6F3A0C2149FE304AE2DDC8567AF7E5EF94720F1A492DEAC487740EA3598418797
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: %*+($&> &$,#15$9.5^$cah`$gce/$qrqp${
                                                                                                                                                          • API String ID: 0-4102007303
                                                                                                                                                          • Opcode ID: f27736545b396c1e5d1542463e6536bd0fa0770802bcc10bf7f619fbb29a3405
                                                                                                                                                          • Instruction ID: 14ee8a34da1054c10b3ad42f51543c2859de00bf34dc8f64771276c92bad7182
                                                                                                                                                          • Opcode Fuzzy Hash: f27736545b396c1e5d1542463e6536bd0fa0770802bcc10bf7f619fbb29a3405
                                                                                                                                                          • Instruction Fuzzy Hash: CB6287B56083928BD7308F18D494BAFBBE1FF96314F08496DE4DA8B681E3759940CB53
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$@$gfff$gfff$gfff
                                                                                                                                                          • API String ID: 0-2517803157
                                                                                                                                                          • Opcode ID: 6daa400abc0ad01977eec418d81b92fccaa89ebb981db3a598510d1efce80356
                                                                                                                                                          • Instruction ID: ecab1ccdde471abbcb5d0f19ccb58e315589ba784fdef408869911ebaaec237f
                                                                                                                                                          • Opcode Fuzzy Hash: 6daa400abc0ad01977eec418d81b92fccaa89ebb981db3a598510d1efce80356
                                                                                                                                                          • Instruction Fuzzy Hash: 05D2F3716087418FE71ACE2CC49436ABBE2AFC9314F188A6DE5D98B3D1D734D945CB82
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081923320.0000000001060000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: $8{k$4x$Hpe]$Hpe]$R<~$w{
                                                                                                                                                          • API String ID: 0-2186833728
                                                                                                                                                          • Opcode ID: 1e0cd64ffeac60f570c842539f64a18a74d95428fcdab706dd7fef52659f60d0
                                                                                                                                                          • Instruction ID: 4f74424ef50f73fafba627fdd9283fc4fcd1e647952618b321f6eee2e9c769cd
                                                                                                                                                          • Opcode Fuzzy Hash: 1e0cd64ffeac60f570c842539f64a18a74d95428fcdab706dd7fef52659f60d0
                                                                                                                                                          • Instruction Fuzzy Hash: D5B217F360C2049FE7086E29EC8567ABBE9EF94720F16493DEAC4C7744EA3558018797
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: 0$0$0$@$i
                                                                                                                                                          • API String ID: 0-3124195287
                                                                                                                                                          • Opcode ID: 714571c09ee01804b1dcc3cd69683aaa16996e603f1801db2f3d653d37a061f5
                                                                                                                                                          • Instruction ID: 48458edba73362f1b4148e7ea2a4b41a106e7c69515193b896ad557f328691cf
                                                                                                                                                          • Opcode Fuzzy Hash: 714571c09ee01804b1dcc3cd69683aaa16996e603f1801db2f3d653d37a061f5
                                                                                                                                                          • Instruction Fuzzy Hash: 6B62F27160C3818FE31ACE28C49476EBBE1AFC5304F188A6DE9D9872D1D775D949CB82
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: +$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
                                                                                                                                                          • API String ID: 0-1123320326
                                                                                                                                                          • Opcode ID: 046f1b7669d336cd647240d3faa11cb83a69c78b5fafa01dee360670f751091a
                                                                                                                                                          • Instruction ID: 2cb80609ff4330bb490e4950df2aef9c00a93fe71d402f013e37b1a48ab68eeb
                                                                                                                                                          • Opcode Fuzzy Hash: 046f1b7669d336cd647240d3faa11cb83a69c78b5fafa01dee360670f751091a
                                                                                                                                                          • Instruction Fuzzy Hash: A8F1913160C7818FE716CE28C48426EFFE2ABD9304F088A6DE5D987392D775D945CB92
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
                                                                                                                                                          • API String ID: 0-3620105454
                                                                                                                                                          • Opcode ID: d3fa451944a3e637982cee2c07ee42dced982407fbab1d93b7a17257a8ab8ea2
                                                                                                                                                          • Instruction ID: c25992afb63bde0d9b7a1f63b1c204225a065f9cc22fe0222eed8bd3a2042eb6
                                                                                                                                                          • Opcode Fuzzy Hash: d3fa451944a3e637982cee2c07ee42dced982407fbab1d93b7a17257a8ab8ea2
                                                                                                                                                          • Instruction Fuzzy Hash: 92D1903160C7828FD716CE29C48426AFFE2AFD9304F08CA6DE5D987396D634D949CB52
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081923320.0000000001060000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: 74;$_\[$sB{U$v$='
                                                                                                                                                          • API String ID: 0-4280584571
                                                                                                                                                          • Opcode ID: 0699cee172ae117227b17f537e16234902793de3a777242eacc823174a1837ab
                                                                                                                                                          • Instruction ID: 778c24e40426cd7eb00453b4a46650db22e045fe4215d4d7f55f54f5e44ef9ae
                                                                                                                                                          • Opcode Fuzzy Hash: 0699cee172ae117227b17f537e16234902793de3a777242eacc823174a1837ab
                                                                                                                                                          • Instruction Fuzzy Hash: 24B2E4F360C7049FE3086E2DEC8567AFBE9EB94720F16493DEAC4C3744EA3558448696
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081923320.0000000001060000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: 9,:j$COE{$E y~$KjE
                                                                                                                                                          • API String ID: 0-2208128727
                                                                                                                                                          • Opcode ID: adf9f227436c3302780b6317ac642e66461e15ca84e05c46283571fbebbb3fd1
                                                                                                                                                          • Instruction ID: db47f8a9dcf78eb0c5c8e11785f2a883a727796be2a5baec40659593172395cf
                                                                                                                                                          • Opcode Fuzzy Hash: adf9f227436c3302780b6317ac642e66461e15ca84e05c46283571fbebbb3fd1
                                                                                                                                                          • Instruction Fuzzy Hash: 4DA208F360C2049FE304AE2DEC8567ABBE6EF94720F1A853DE6C4C7744EA3558058697
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081923320.0000000001060000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: a}$3^_~$P]&\$=wg
                                                                                                                                                          • API String ID: 0-3678600224
                                                                                                                                                          • Opcode ID: 8618e88ed0cdf9e393d924b11c6d44f1e40c4c4d5330de3ad968186eaa433bac
                                                                                                                                                          • Instruction ID: 86308df3e8dc87d03a50e86d4e714efa1e203e614c1df84de43b5336276f3506
                                                                                                                                                          • Opcode Fuzzy Hash: 8618e88ed0cdf9e393d924b11c6d44f1e40c4c4d5330de3ad968186eaa433bac
                                                                                                                                                          • Instruction Fuzzy Hash: F4B2D2F250C204AFE7086F29EC8567AFBE9EF94720F16492DE6C5C3740EA3558448B97
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: :$NA_I$m1s3$uvw
                                                                                                                                                          • API String ID: 0-3973114637
                                                                                                                                                          • Opcode ID: e3aa329a5d2235da74aa9ef88c92871b54a688ceef33f5f8e23e3a8a2928aeb0
                                                                                                                                                          • Instruction ID: 354fed83ccc6326c2be4d67feee2082c1642023e0b714c6b7249fb243f27989e
                                                                                                                                                          • Opcode Fuzzy Hash: e3aa329a5d2235da74aa9ef88c92871b54a688ceef33f5f8e23e3a8a2928aeb0
                                                                                                                                                          • Instruction Fuzzy Hash: 5D32BAB0508381DFE311DF29D880B2BBBE9BB8A354F144A6CF5D58B296D336D905CB52
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: %*+($;z$p$ss
                                                                                                                                                          • API String ID: 0-2391135358
                                                                                                                                                          • Opcode ID: f009a652e45e6d2cf3a821285459791274b1f359aba4d207dde7ead4e4cb45eb
                                                                                                                                                          • Instruction ID: c3b77740d282e1ba3508cc98d7c279237c1e1217c79de35d4bc12eedb5bbbe0b
                                                                                                                                                          • Opcode Fuzzy Hash: f009a652e45e6d2cf3a821285459791274b1f359aba4d207dde7ead4e4cb45eb
                                                                                                                                                          • Instruction Fuzzy Hash: 11025BB4810700DFD760EF28D986756BFF5FB06301F40895DE8DA8B689E335A419CBA2
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081923320.0000000001060000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: AVKz$h`}$pd$s
                                                                                                                                                          • API String ID: 0-1512073216
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: a|$hu$lc$sj
                                                                                                                                                          • API String ID: 0-3748788050
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: #'$CV$KV$T>
                                                                                                                                                          • API String ID: 0-95592268
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: (g6e$,{*y$4c2a$lk
                                                                                                                                                          • API String ID: 0-1327526056
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: %*+($%*+($~/i!
                                                                                                                                                          • API String ID: 0-4033100838
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: )$)$IEND
                                                                                                                                                          • API String ID: 0-588110143
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: %*+($f
                                                                                                                                                          • API String ID: 0-2038831151
                                                                                                                                                          • Opcode ID: faa3f5c582c925e75101ae54eee73e8d38ab48d70db915bb488220a52e5dd69e
                                                                                                                                                          • Instruction ID: e9074f76194e8bf3a23fc07cc3e0f131b611fbe58ade5bdd5e1dba3cb344e3c7
                                                                                                                                                          • Opcode Fuzzy Hash: faa3f5c582c925e75101ae54eee73e8d38ab48d70db915bb488220a52e5dd69e
                                                                                                                                                          • Instruction Fuzzy Hash: CD1297B16083419FD715CF18D880B2EBBE2FB89314F588A6CE9D5DB291D735E805CB92
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: dg$hi
                                                                                                                                                          • API String ID: 0-2859417413
                                                                                                                                                          • Opcode ID: 1f57796c3fd8536a99ed704b0958e0522a94c4ff56bda36527b7166c5ac584f2
                                                                                                                                                          • Instruction ID: 358b3ecf4e9cec8bcaa1cb4271e74b45065fc38c4ee21d1761129d78925b2711
                                                                                                                                                          • Opcode Fuzzy Hash: 1f57796c3fd8536a99ed704b0958e0522a94c4ff56bda36527b7166c5ac584f2
                                                                                                                                                          • Instruction Fuzzy Hash: 98F17371A18342EFE3148F24E890B6ABBE9EFC5354F14892DF1C58B2A1C739D845CB12
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: Inf$NaN
                                                                                                                                                          • API String ID: 0-3500518849
                                                                                                                                                          • Opcode ID: 50b1d02d2772a467f06b2a750ed69bd71a89d6c2d48aca78126df13bad869418
                                                                                                                                                          • Instruction ID: e78159cf64323415c203bae7a28ecbc3da237530d51922837568072856c3fde5
                                                                                                                                                          • Opcode Fuzzy Hash: 50b1d02d2772a467f06b2a750ed69bd71a89d6c2d48aca78126df13bad869418
                                                                                                                                                          • Instruction Fuzzy Hash: E8D1CFB1A083119FD7168F28C98061EBBE1FBC8750F148A6DE9D99B3D0E675DD448B82
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081923320.0000000001060000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: i<f
                                                                                                                                                          • API String ID: 0-1330402925
                                                                                                                                                          • Opcode ID: e088cb1f61b4ecd2f37b0b46bbc51b947a926d74a326aa18182a1d33fb0709d9
                                                                                                                                                          • Instruction ID: aa17805be5bcf2cc9cf66c3f213b6258c876740af35b645bbb87d9e08e6c2bdc
                                                                                                                                                          • Opcode Fuzzy Hash: e088cb1f61b4ecd2f37b0b46bbc51b947a926d74a326aa18182a1d33fb0709d9
                                                                                                                                                          • Instruction Fuzzy Hash: 66B207F360C204AFE3146E2DEC8567ABBE5EF94320F16493DEAC5D3744E63558018697
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081923320.0000000001060000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: 4COs$uSs&
                                                                                                                                                          • API String ID: 0-3715554506
                                                                                                                                                          • Opcode ID: 3ca75a0f6d57c37b6be162a5a4667dd91b4b210cc8c6f3d52577c751a8126967
                                                                                                                                                          • Instruction ID: b9dfd6bf75a217c55b9c658beee3473746aa56d9a2d8b2525917a5d09c2f96fd
                                                                                                                                                          • Opcode Fuzzy Hash: 3ca75a0f6d57c37b6be162a5a4667dd91b4b210cc8c6f3d52577c751a8126967
                                                                                                                                                          • Instruction Fuzzy Hash: 216146F3F082245BE7085E3DDC5476ABAD5DB90360F1A4A3EEA89D3B84D4798C0582C6
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: BaBc$Ye[g
                                                                                                                                                          • API String ID: 0-286865133
                                                                                                                                                          • Opcode ID: cdb747eaed6381529e082e4222cbbc2dbb571b10d950a288b761bd15a5d16645
                                                                                                                                                          • Instruction ID: a8a03c74c527f5d00cb00a694645aea13c9113a0018c8531fab990967a214349
                                                                                                                                                          • Opcode Fuzzy Hash: cdb747eaed6381529e082e4222cbbc2dbb571b10d950a288b761bd15a5d16645
                                                                                                                                                          • Instruction Fuzzy Hash: CF51BDB16083918BE332CF18C880BABB7E0FF86324F19495DE4DA8B655E3789544CB57
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081923320.0000000001060000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: 8t:b
                                                                                                                                                          • API String ID: 0-3241546195
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: %1.17g
                                                                                                                                                          • API String ID: 0-1551345525
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: "
                                                                                                                                                          • API String ID: 0-123907689
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: %*+(
                                                                                                                                                          • API String ID: 0-3233224373
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: %*+(
                                                                                                                                                          • API String ID: 0-3233224373
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: %*+(
                                                                                                                                                          • API String ID: 0-3233224373
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: %*+(
                                                                                                                                                          • API String ID: 0-3233224373
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: P
                                                                                                                                                          • API String ID: 0-3110715001
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                          • String ID: %*+(
                                                                                                                                                          • API String ID: 2994545307-3233224373
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: ,
                                                                                                                                                          • API String ID: 0-3772416878
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: %*+(
                                                                                                                                                          • API String ID: 0-3233224373
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: %*+(
                                                                                                                                                          • API String ID: 0-3233224373
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081923320.0000000001060000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: ofWj
                                                                                                                                                          • API String ID: 0-1455868942
                                                                                                                                                          • Opcode ID: afb6147148f9d2d4da40fe1d6cd43b97c2997a6d7dab74c71834481181e49a0a
                                                                                                                                                          • Instruction ID: 8ef02cf8f215b10636147e7a22e282c7ffe451b0fe918e8406644de40684f17f
                                                                                                                                                          • Opcode Fuzzy Hash: afb6147148f9d2d4da40fe1d6cd43b97c2997a6d7dab74c71834481181e49a0a
                                                                                                                                                          • Instruction Fuzzy Hash: 0D7168F3A083008FE3086E3DEC957BAB7E5EB94320F1A453DE6C5C3784E97958058686
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1000000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: %*+(
                                                                                                                                                          • API String ID: 0-3233224373
                                                                                                                                                          • Opcode ID: a1acdef59aab6524ccc02806bcadd1c832d3cf585e6f477149176a682d2bb3be
                                                                                                                                                          • Instruction ID: 36bb82e6fe286a0636952dc55742821e1589a639b912478ea1501132bc3b057e
                                                                                                                                                          • Opcode Fuzzy Hash: a1acdef59aab6524ccc02806bcadd1c832d3cf585e6f477149176a682d2bb3be
                                                                                                                                                          • Instruction Fuzzy Hash: 7961E2B56083459BE751DF59D8C0B2ABBE6FBC4310F18896CEAC5C7291D732E810CB96
                                                                                                                                                          Strings
                                                                                                                                                          • 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081, xrefs: 0100E333
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1000000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
                                                                                                                                                          • API String ID: 0-2471034898
                                                                                                                                                          • Opcode ID: 4957f9fde52a996e87fac13e5e8cf2301c4d2e4bdc1d5eec1bd66ef0f63632b9
                                                                                                                                                          • Instruction ID: cd66cd3ebc2d5f27c819272d69c8735cd5a54e92022ba69c894c7b951ce4e400
                                                                                                                                                          • Opcode Fuzzy Hash: 4957f9fde52a996e87fac13e5e8cf2301c4d2e4bdc1d5eec1bd66ef0f63632b9
                                                                                                                                                          • Instruction Fuzzy Hash: 69512937B1AA904BF32A893C9D553A97FC30BD2234F2DCBA9E9F19B3E5D55648014390
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1000000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: %*+(
                                                                                                                                                          • API String ID: 0-3233224373
                                                                                                                                                          • Opcode ID: 2cd8bac6269d4a5f8e5479c4c3bc2968a7c739bee3e736ff466b1ee6aad306f8
                                                                                                                                                          • Instruction ID: 9242d80d3741fb44d56f91057678c16ec792b61dc2ec277b6e24664b9fb9d469
                                                                                                                                                          • Opcode Fuzzy Hash: 2cd8bac6269d4a5f8e5479c4c3bc2968a7c739bee3e736ff466b1ee6aad306f8
                                                                                                                                                          • Instruction Fuzzy Hash: 60518EB4A093509BD725DF19D8C0A2EBBE5FF85744F18987CE5C69B251D332E820CB62
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081923320.0000000001060000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1000000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: \ov
                                                                                                                                                          • API String ID: 0-2046780684
                                                                                                                                                          • Opcode ID: 3697110737534767a43c308038c574bd8b4d269e9d83e7eb6079e43190a702e8
                                                                                                                                                          • Instruction ID: 7824646b9203d8259b097f66c4090e891852b845e1a61e7592ee6f6de16f4770
                                                                                                                                                          • Opcode Fuzzy Hash: 3697110737534767a43c308038c574bd8b4d269e9d83e7eb6079e43190a702e8
                                                                                                                                                          • Instruction Fuzzy Hash: B241BFF291C3089FE314BE18EC8673AF3E8EB54750F16493DDAD583340FA356914869A
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1000000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: L3
                                                                                                                                                          • API String ID: 0-2730849248
                                                                                                                                                          • Opcode ID: 57a861b54976c9e9dd6fa281017742c8407260866e9ab205658cfadc4c772288
                                                                                                                                                          • Instruction ID: d2d8533479509fb313f9d32560e9e5599dbc85d51879c8c69488ae21def5c1b6
                                                                                                                                                          • Opcode Fuzzy Hash: 57a861b54976c9e9dd6fa281017742c8407260866e9ab205658cfadc4c772288
                                                                                                                                                          • Instruction Fuzzy Hash: CA4173B40083849BC718AF28D894A6FBBF0FF86214F04891CF6C59B291E73AC915CB57
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1000000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: %*+(
                                                                                                                                                          • API String ID: 0-3233224373
                                                                                                                                                          • Opcode ID: f6dea04df91ddcf19189ac6ad7a41f42492a8f5f3777ab4ee9b4dc2ebef5b988
                                                                                                                                                          • Instruction ID: 5c8a7edef1bb5355540b5710912bf35e66e987f689e3b4b227aae63ae18fe9b4
                                                                                                                                                          • Opcode Fuzzy Hash: f6dea04df91ddcf19189ac6ad7a41f42492a8f5f3777ab4ee9b4dc2ebef5b988
                                                                                                                                                          • Instruction Fuzzy Hash: 5D310CF1904305ABE711EA54ECC0B6B77E8EB85744F544878FAC5A7256E332E814C7A3
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: 72?1
                                                                                                                                                          • API String ID: 0-1649870076
                                                                                                                                                          • Opcode ID: 0c9fd77d912caebbb285ceff9deb5bc06e33476b34a3d020d48113d2922d80e1
                                                                                                                                                          • Instruction ID: 1278297b7122ac5a5e8b8b83e5ed4e3555a183adf70159cdb237ccf06ad6a74b
                                                                                                                                                          • Opcode Fuzzy Hash: 0c9fd77d912caebbb285ceff9deb5bc06e33476b34a3d020d48113d2922d80e1
                                                                                                                                                          • Instruction Fuzzy Hash: 5931E4B5A40315DFE720CF98E9806AFBBF4FB5A344F140868D5C6A7341D336A904CBA2
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: %*+(
                                                                                                                                                          • API String ID: 0-3233224373
                                                                                                                                                          • Opcode ID: 4c2c0bbd80c88001a520bc9608cb255781d19ccbdd3b22012c8d0fa4cb9204d0
                                                                                                                                                          • Instruction ID: bf63a8f473cfd44da691f16dc2e4e5a742abcd212e6d33dbd41e4e66891f5643
                                                                                                                                                          • Opcode Fuzzy Hash: 4c2c0bbd80c88001a520bc9608cb255781d19ccbdd3b22012c8d0fa4cb9204d0
                                                                                                                                                          • Instruction Fuzzy Hash: 53414779200B04DBD7358B65D994F27BBF2FB09701F54895CE6C69BA99E37AF8008B10
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: 72?1
                                                                                                                                                          • API String ID: 0-1649870076
                                                                                                                                                          • Opcode ID: d0bcf762df6033be14f4323e976274b86d9fab2639d39e762a052f8913df6b56
                                                                                                                                                          • Instruction ID: fb6ae02f2fa414ece6730cd0b29aedc275bb3a0bb48a6d2dabc189ad4ee47d89
                                                                                                                                                          • Opcode Fuzzy Hash: d0bcf762df6033be14f4323e976274b86d9fab2639d39e762a052f8913df6b56
                                                                                                                                                          • Instruction Fuzzy Hash: 9921E0B5A40715DFD720CF98D980AAFBBF5BB1A744F18085CD4C6AB341C336A900CBA2
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                          • String ID: @
                                                                                                                                                          • API String ID: 2994545307-2766056989
                                                                                                                                                          • Opcode ID: 66a722ca2d3068bb10055228c6a728b0585a387dddee7fab288defd5bd83caa9
                                                                                                                                                          • Instruction ID: 05f012537f987952619cfa498025db97a532824a422be343d705aad160c545e3
                                                                                                                                                          • Opcode Fuzzy Hash: 66a722ca2d3068bb10055228c6a728b0585a387dddee7fab288defd5bd83caa9
                                                                                                                                                          • Instruction Fuzzy Hash: 733166B05083009BD710EF19D880A2BFBF9FF9A318F14896CE6C597251D335D904CBA6
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 7522995b3b34bfb85f84f5142b6814fcb58d97d3711ad9247955511afffc022c
                                                                                                                                                          • Instruction ID: 56d96bc8b3f911f53081a6251845b31487110da6c4982e09cc6936ed469d43e1
                                                                                                                                                          • Opcode Fuzzy Hash: 7522995b3b34bfb85f84f5142b6814fcb58d97d3711ad9247955511afffc022c
                                                                                                                                                          • Instruction Fuzzy Hash: 27627CB0500B018FD726CF28D990B67B7F6AF86704F58895CD4DA8BA56E739F804CB91
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1000000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: ab14a31cb0671d82a761fded824f31066b7df66e97cb8c99efc5c049c5e716bc
                                                                                                                                                          • Instruction ID: 313ef4a95b75ea838424004287b15eb6520a8b0193b2351813d06e488f4e855d
                                                                                                                                                          • Opcode Fuzzy Hash: ab14a31cb0671d82a761fded824f31066b7df66e97cb8c99efc5c049c5e716bc
                                                                                                                                                          • Instruction Fuzzy Hash: 7ED1BE36618359CFC725CF29E48052ABBE1BB8A354F098A7CD8D5C7385D33AE944CB91
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1000000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: b27b4aa4e15374c18b5653d0aae23f9eeedde39c85449c8d23e8531a00320bf9
                                                                                                                                                          • Instruction ID: ce9f84518a37ada4ff5056b23f0fba82d49eccfb94217928d7cbb6149d063fd1
                                                                                                                                                          • Opcode Fuzzy Hash: b27b4aa4e15374c18b5653d0aae23f9eeedde39c85449c8d23e8531a00320bf9
                                                                                                                                                          • Instruction Fuzzy Hash: B6B1E7B2A043514BE724DB69CC8076BBBE5EBC9314F084A7DEAD597381E735DC048B92
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1000000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
                                                                                                                                                          • Instruction ID: ae58653bfd2b378cb68c7218ac00f637484e9129c376fdd42e3f632ff581fd7b
                                                                                                                                                          • Opcode Fuzzy Hash: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
                                                                                                                                                          • Instruction Fuzzy Hash: 31C18EB2A087418FD371CF28DC96BABB7E1BF85318F08492DD1D9C6242E778A155CB46
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1000000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: aba6809c1ad9f2c186a09d987179c92114f27f2e14a6bef67e8f6c393a3510ef
                                                                                                                                                          • Instruction ID: d99eca38f78116d30edfc6b3cfaaa5bd066e641682f6b23c9fe1bc26203c0fad
                                                                                                                                                          • Opcode Fuzzy Hash: aba6809c1ad9f2c186a09d987179c92114f27f2e14a6bef67e8f6c393a3510ef
                                                                                                                                                          • Instruction Fuzzy Hash: D4B1F1B4500B408FD3258F24DA80B57BBF2AF5A704F14885CD8EA8BA56E77AF805CB55
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1000000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                          • Opcode ID: 0013d4794ff94133a632fdb4211568942f3f9d135ea6730b3ec6671af12eb78c
                                                                                                                                                          • Instruction ID: a2d6086b61c31f5449fb291a181312e6b0db9de4c91c3368a3e383056c67f9ce
                                                                                                                                                          • Opcode Fuzzy Hash: 0013d4794ff94133a632fdb4211568942f3f9d135ea6730b3ec6671af12eb78c
                                                                                                                                                          • Instruction Fuzzy Hash: 5E91AEB5608341ABE720DA58DC80BABBBE5FB85354F588C2CF9C587341E731E950CB92
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1000000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 855c7b41e60460e32725fbd883a7647f237564cc16e75b0a16b5c0e84aecd96c
                                                                                                                                                          • Instruction ID: 329b23c7dcbea8d92ad56c22d35ac58258cb5dc5c3097d694ec2fe71e2be8b8c
                                                                                                                                                          • Opcode Fuzzy Hash: 855c7b41e60460e32725fbd883a7647f237564cc16e75b0a16b5c0e84aecd96c
                                                                                                                                                          • Instruction Fuzzy Hash: 44816DB4248301DBE724DE2CD8C0A2BBBE5FF49750F45896CE9C68B251E735E810CB92
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081923320.0000000001060000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1000000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 8161cd761244379976afbea97500bbedac07e115625919b0425e087965a03f18
                                                                                                                                                          • Instruction ID: 5b9dab69e270ff46f5148e5e6c43ac776b4ddd275ce8af57a9b599548848200c
                                                                                                                                                          • Opcode Fuzzy Hash: 8161cd761244379976afbea97500bbedac07e115625919b0425e087965a03f18
                                                                                                                                                          • Instruction Fuzzy Hash: 2E819DB3F5162547F3484979CCA83A22683EBD5324F3F81788A8C9B7C9DD7E4D0A5284
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2081870578.0000000001000000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2081923320.0000000001060000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2081923320.00000000011E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2081923320.00000000012CD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2081923320.00000000012F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2081923320.0000000001301000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2081923320.0000000001311000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2082212544.0000000001312000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2082327601.00000000014B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2082345210.00000000014B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1000000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 61c93ef14896be4f0ab654e2c404e17c7630c7c1d19896a5bd5e3c6efdc3aadb
                                                                                                                                                          • Instruction ID: 4da5114491717432f337eb2bb8037312087c5ad790470f8db1ee72b8c76ea37c
                                                                                                                                                          • Opcode Fuzzy Hash: 61c93ef14896be4f0ab654e2c404e17c7630c7c1d19896a5bd5e3c6efdc3aadb
                                                                                                                                                          • Instruction Fuzzy Hash: BA4183B4208304ABE750DA19D9D0B2FBBE6EB89718F54887CF5C997241D335E800CB96
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2081870578.0000000001000000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2081923320.0000000001060000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2081923320.00000000011E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2081923320.00000000012CD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2081923320.00000000012F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2081923320.0000000001301000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2081923320.0000000001311000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2082212544.0000000001312000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2082327601.00000000014B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2082345210.00000000014B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1000000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 5a5a30007dcf4ce4478ad5118e72dc76a348e720b78c3101073d38d9cabba0f6
                                                                                                                                                          • Instruction ID: 597ce6d6c622a3f5b32f59061a240e5c24f7f77e195e0cca61b5ffa6c79cc5ea
                                                                                                                                                          • Opcode Fuzzy Hash: 5a5a30007dcf4ce4478ad5118e72dc76a348e720b78c3101073d38d9cabba0f6
                                                                                                                                                          • Instruction Fuzzy Hash: AC410572A083614FD35DCE29849027ABBE2AFC4310F19866EF4D6873D5DAB88945DB81
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2081870578.0000000001000000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2081923320.0000000001060000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2081923320.00000000011E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2081923320.00000000012CD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2081923320.00000000012F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2081923320.0000000001301000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2081923320.0000000001311000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2082212544.0000000001312000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2082327601.00000000014B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2082345210.00000000014B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1000000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: b85967d6de427e275353835c507ec26e2ce4712032de8f251a374df8cd235349
                                                                                                                                                          • Instruction ID: b1da58b435c758292eed7fff39e3d604794aa1d4efa607735a8cd18017b38724
                                                                                                                                                          • Opcode Fuzzy Hash: b85967d6de427e275353835c507ec26e2ce4712032de8f251a374df8cd235349
                                                                                                                                                          • Instruction Fuzzy Hash: 1441F174508380ABD324AB58C884B1FFBF5FB96655F244D1CF6C497292C37AE8148F66
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2081870578.0000000001000000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2081923320.0000000001060000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2081923320.00000000011E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2081923320.00000000012CD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2081923320.00000000012F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2081923320.0000000001301000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2081923320.0000000001311000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2082212544.0000000001312000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2082327601.00000000014B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2082345210.00000000014B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1000000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 00ac192f7b77e02cfc47fe3f30b694df1c1cc25ada7ede655030ad74d41d3bf8
                                                                                                                                                          • Instruction ID: b938208963bd21cd21136e5075729cfcba04a929eb35e0bde39b8a1246ade64a
                                                                                                                                                          • Opcode Fuzzy Hash: 00ac192f7b77e02cfc47fe3f30b694df1c1cc25ada7ede655030ad74d41d3bf8
                                                                                                                                                          • Instruction Fuzzy Hash: 3341007160D3548FC304EFA8C4D052EFBE6AF99200F098A6ED4D5EB262D774DD018B86
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2081870578.0000000001000000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2081923320.0000000001060000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2081923320.00000000011E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2081923320.00000000012CD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2081923320.00000000012F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2081923320.0000000001301000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2081923320.0000000001311000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2082212544.0000000001312000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2082327601.00000000014B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2082345210.00000000014B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1000000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: f376215f079b4149fc5be8568d82f033c018cfaee3af3bd98bcd54852011a0fd
                                                                                                                                                          • Instruction ID: 330cd7b851ca2b1cddb928e3c4c1a8c8bb0a762e6ee42c7644cb2d55a0e74924
                                                                                                                                                          • Opcode Fuzzy Hash: f376215f079b4149fc5be8568d82f033c018cfaee3af3bd98bcd54852011a0fd
                                                                                                                                                          • Instruction Fuzzy Hash: 2441BCB16483928BE330DF54C844BAFB7B1FFA6364F040959E4CA8B695E7794840CB53
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2081870578.0000000001000000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2081923320.0000000001060000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2081923320.00000000011E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2081923320.00000000012CD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2081923320.00000000012F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2081923320.0000000001301000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2081923320.0000000001311000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2082212544.0000000001312000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2082327601.00000000014B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2082345210.00000000014B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1000000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
                                                                                                                                                          • Instruction ID: 34ee172d72405f34be28af3f0a55091e08c401923c61eb95780bd6c3cfc8b93f
                                                                                                                                                          • Opcode Fuzzy Hash: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
                                                                                                                                                          • Instruction Fuzzy Hash: 4C213732D082254BC3249B5DC58053BF7E8EBCA604F06866EE9C4A7295E335981087E2
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2081870578.0000000001000000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                          • Associated: 00000000.00000002.2081923320.0000000001060000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                          • Associated: 00000000.00000002.2081923320.00000000011E6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                          • Associated: 00000000.00000002.2081923320.00000000012CD000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                          • Associated: 00000000.00000002.2081923320.00000000012F9000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                          • Associated: 00000000.00000002.2081923320.0000000001301000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                          • Associated: 00000000.00000002.2081923320.0000000001311000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                          • Associated: 00000000.00000002.2082212544.0000000001312000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                          • Associated: 00000000.00000002.2082327601.00000000014B2000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                          • Associated: 00000000.00000002.2082345210.00000000014B3000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1000000_file.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
                                                                                                                                                          • Instruction ID: cb7e95adabfb6ec4249bfbc10a6a8bba821ff5ac5aefb948a08dfd593c689a5d
                                                                                                                                                          • Opcode Fuzzy Hash: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
                                                                                                                                                          • Instruction Fuzzy Hash: 8D01B1F1A0230247F725DE18D5D0B7BB6EC6FD161CF0845ACE98647245DB71E804C2A2
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: b749df29127d79bbfde3aa5e4843e3cdb6cc5a5d63bad50e32b3a7a0ad240c0f
                                                                                                                                                          • Instruction ID: 073d398a057ae2e12a5529d9907d4c473797d5136f78e059d3a8aa72b3a9c0c4
                                                                                                                                                          • Opcode Fuzzy Hash: b749df29127d79bbfde3aa5e4843e3cdb6cc5a5d63bad50e32b3a7a0ad240c0f
                                                                                                                                                          • Instruction Fuzzy Hash: 7E11EFB0408380AFD3109F618484A1FFBE5EBA6714F248C0DF6E49B251C379D819DF56
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 67c69d74de6773a5c46769a3408b46ffb17e2436e4a62b6f2bf52ecf32af6187
                                                                                                                                                          • Instruction ID: 43e6809e8ca42342307b546dd3d96718cc9bea4d57ec149275d16bbef348292b
                                                                                                                                                          • Opcode Fuzzy Hash: 67c69d74de6773a5c46769a3408b46ffb17e2436e4a62b6f2bf52ecf32af6187
                                                                                                                                                          • Instruction Fuzzy Hash: 50F0B43E71921A0BB261CDAA98C483BB7D7D7C9265F04553CEA81D3246DD73E4168294
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
                                                                                                                                                          • Instruction ID: 6506d07c58c905065930edc77b6421f51c28c54387ea28b09faa2761b04cb969
                                                                                                                                                          • Opcode Fuzzy Hash: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
                                                                                                                                                          • Instruction Fuzzy Hash: 1E0162B3A199610B8348CE3DDC1156BBAD15BD5770F19872DBEF5CB3E0D230C8118695
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
                                                                                                                                                          • Instruction ID: afd6f86e1ed7dc578beff9a6215ab27dc393fb41cabbec3b70aacfa27007612f
                                                                                                                                                          • Opcode Fuzzy Hash: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
                                                                                                                                                          • Instruction Fuzzy Hash: EB014B72A196204B8308CE3C9C1112ABEE19B86330F158B2EBCFAD73E0D664CD548696
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
                                                                                                                                                          • Instruction ID: 1dea7066e6da4ae89e711aee7de6da32f96be5b53576774c2c93d86eaade508f
                                                                                                                                                          • Opcode Fuzzy Hash: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
                                                                                                                                                          • Instruction Fuzzy Hash: BBF027B16041101BDB33CA489C80B77BBECCB8A114F190466F8C453106D2655444C3E5
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 5a92a4f735c16205c1c75ba7694b717adf90cd9a8c14de46eade868494d8a680
                                                                                                                                                          • Instruction ID: 619b5ccbd3a84ca85d120692619f5f1230e89f8cc24648fa246855392f0dcfc0
                                                                                                                                                          • Opcode Fuzzy Hash: 5a92a4f735c16205c1c75ba7694b717adf90cd9a8c14de46eade868494d8a680
                                                                                                                                                          • Instruction Fuzzy Hash: CC01E4F44107009FD360EF29C585747BBE8EB08714F004A1DE8EACB680D735A5448B82
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2081886599.0000000001001000.00000040.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true
• Associated: 00000000.00000002.2081870578.0000000001000000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081923320.0000000001060000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081923320.00000000011E6000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081923320.00000000012CD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081923320.00000000012F9000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081923320.0000000001301000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2081923320.0000000001311000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2082212544.0000000001312000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2082327601.00000000014B2000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2082345210.00000000014B3000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
                                                                                                                                                          • Instruction ID: ac08fd8ccbcc560e602076d10921f49b9384827ed8e7711fcbef2dea6edaf1b9
                                                                                                                                                          • Opcode Fuzzy Hash: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
                                                                                                                                                          • Instruction Fuzzy Hash: D4D0A77160832147AFB48E1DE440977FBF0EAC7A11F4995AEF7C6E3148D630E881C2A9
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 38bcfad794b66ccafdd64ff9a359b7fb2e169e8c177b34beb5ae2e54b643fc1c
                                                                                                                                                          • Instruction ID: 1918ca5f4db39b84c2b130d0e0f41a40a2386ec2d4a5044b9fd59eb058b58339
                                                                                                                                                          • Opcode Fuzzy Hash: 38bcfad794b66ccafdd64ff9a359b7fb2e169e8c177b34beb5ae2e54b643fc1c
                                                                                                                                                          • Instruction Fuzzy Hash: 3EC08C38A581028BC318CE18F5D943ABBF8A38720C740702ADB83F7209EE39C4128B09
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 82fcdb7cc2603488eb14317554e7c8fb5e9ca7c8af641ce4bad74fb8fb5cd5e3
                                                                                                                                                          • Instruction ID: 4bf630a07ec8dac547c45a8a6c96759cbd74e15b001d83996a615342ae5ecc41
                                                                                                                                                          • Opcode Fuzzy Hash: 82fcdb7cc2603488eb14317554e7c8fb5e9ca7c8af641ce4bad74fb8fb5cd5e3
                                                                                                                                                          • Instruction Fuzzy Hash: 80C09B3465C20087B71CCD04D551476F377AB97754714B01DC9872724BD139D416861D
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: ae5dca58b3415a8094003ad872c44b7af86c7463529f68e2ac70381cb342c5c3
                                                                                                                                                          • Instruction ID: ea8d2626a8fe44b04ea8eee369b9167de55e3f9a6d5f3ced8454bbf4902c3624
                                                                                                                                                          • Opcode Fuzzy Hash: ae5dca58b3415a8094003ad872c44b7af86c7463529f68e2ac70381cb342c5c3
                                                                                                                                                          • Instruction Fuzzy Hash: 5CC09B79B58042CBC258CD9DE5D1535A7FC534710C740302A9B83F7255DD75D4158709
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: c6cdb92fdfe1cb6d004b31f5d77921c0a06e2b48e270f1f84a91b3288b8373c1
                                                                                                                                                          • Instruction ID: 70f1684cfbe6affe3e9828c1f943142f7783a7f7b9c1db1ee7f1c33d6d9fe9a5
                                                                                                                                                          • Opcode Fuzzy Hash: c6cdb92fdfe1cb6d004b31f5d77921c0a06e2b48e270f1f84a91b3288b8373c1
                                                                                                                                                          • Instruction Fuzzy Hash: F8C09B3476820047B75CCD14D551536F2B7AB87754714B01DC9456724BD139D411870C