Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1531602
MD5: 8bcd9a742acedb19fbd8ba34b3a3db7b
SHA1: 0058e1c3e4996e00e005590d98fe51be13b541dd
SHA256: 742c352c8b9dfbf3440c35e71545f153ef344e4deb58b803809dab6925cad8ec
Tags: exe user-Bitsight
Infos:

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • file.exe (PID: 2104 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 8BCD9A742ACEDB19FBD8BA34B3A3DB7B)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["studennotediw.store", "spirittunek.store", "mobbipenju.store", "dissapoiznw.store", "clearancek.site", "eaglepawnoy.store", "licendfilteo.site", "bathdoomgaz.store"], "Build id": "4SD0y4--legendaryy"}
Source | Rule | Description | Author | Strings
decrypted.memstr | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
    No Sigma rule has matched
    Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
    2024-10-11T12:44:06.077543+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.6 | 49700 | 172.67.206.204 | 443 | TCP
    2024-10-11T12:44:06.077543+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.6 | 49700 | 172.67.206.204 | 443 | TCP
    2024-10-11T12:44:03.337045+0200 | 2056477 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 49658 | 1.1.1.1 | 53 | UDP
    2024-10-11T12:44:03.270996+0200 | 2056471 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 51014 | 1.1.1.1 | 53 | UDP
    2024-10-11T12:44:03.314013+0200 | 2056481 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 52482 | 1.1.1.1 | 53 | UDP
    2024-10-11T12:44:03.301771+0200 | 2056483 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 55076 | 1.1.1.1 | 53 | UDP
    2024-10-11T12:44:03.359037+0200 | 2056473 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 55290 | 1.1.1.1 | 53 | UDP
    2024-10-11T12:44:03.288730+0200 | 2056485 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 56809 | 1.1.1.1 | 53 | UDP
    2024-10-11T12:44:03.348515+0200 | 2056475 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 64578 | 1.1.1.1 | 53 | UDP
    2024-10-11T12:44:03.326470+0200 | 2056479 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 51881 | 1.1.1.1 | 53 | UDP
    2024-10-11T12:44:04.773062+0200 | 2858666 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 49699 | 104.102.49.254 | 443 | TCP

    AV Detection

    Source: file.exe, Avira: detected
    Source: https://steamcommunity.com/profiles/76561199724331900, URL Reputation: Label: malware
    Source: https://steamcommunity.com/profiles/76561199724331900/inventory/, URL Reputation: Label: malware
    Source: https://steamcommunity.com/profiles/76561199724331900/badges, URL Reputation: Label: malware
    Source: file.exe.2104.0.memstrmin, Malware Configuration Extractor: LummaC {"C2 url": ["studennotediw.store", "spirittunek.store", "mobbipenju.store", "dissapoiznw.store", "clearancek.site", "eaglepawnoy.store", "licendfilteo.site", "bathdoomgaz.store"], "Build id": "4SD0y4--legendaryy"}
    Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
    Source: file.exe, Joe Sandbox ML: detected
    Source: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, String decryptor output (one string per line):
      clearancek.site
      licendfilteo.site
      spirittunek.store
      bathdoomgaz.store
      studennotediw.store
      dissapoiznw.store
      eaglepawnoy.store
      mobbipenju.store
      lid=%s&j=%s&ver=4.0
      TeslaBrowser/5.5
      - Screen Resoluton:
      - Physical Installed Memory:
      Workgroup: -
      4SD0y4--legendaryy
    Source: file.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: unknown, HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:49699 version: TLS 1.2
    Source: unknown, HTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.6:49700 version: TLS 1.2

    Networking

    Source: Network traffic, Suricata IDS: 2056485 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) : 192.168.2.6:56809 -> 1.1.1.1:53
    Source: Network traffic, Suricata IDS: 2056475 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) : 192.168.2.6:64578 -> 1.1.1.1:53
    Source: Network traffic, Suricata IDS: 2056473 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) : 192.168.2.6:55290 -> 1.1.1.1:53
    Source: Network traffic, Suricata IDS: 2056483 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) : 192.168.2.6:55076 -> 1.1.1.1:53
    Source: Network traffic, Suricata IDS: 2056481 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) : 192.168.2.6:52482 -> 1.1.1.1:53
    Source: Network traffic, Suricata IDS: 2056471 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) : 192.168.2.6:51014 -> 1.1.1.1:53
    Source: Network traffic, Suricata IDS: 2056479 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) : 192.168.2.6:51881 -> 1.1.1.1:53
    Source: Network traffic, Suricata IDS: 2056477 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) : 192.168.2.6:49658 -> 1.1.1.1:53
    Source: Network traffic, Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.6:49699 -> 104.102.49.254:443
    Source: Network traffic, Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49700 -> 172.67.206.204:443
    Source: Network traffic, Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49700 -> 172.67.206.204:443
    Source: Joe Sandbox View, IP Address: 104.102.49.254
    Source: Joe Sandbox View, IP Address: 172.67.206.204
    Source: Joe Sandbox View, ASN Name: AKAMAI-ASUS
    Source: Joe Sandbox View, ASN Name: CLOUDFLARENETUS
    Source: Joe Sandbox View, JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
    Source: global traffic, HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1 | Connection: Keep-Alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Host: steamcommunity.com
    Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8 | Host: sergei-esenin.com
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global traffic, DNS traffic detected: DNS query: clearancek.site
    Source: global traffic, DNS traffic detected: DNS query: mobbipenju.store
    Source: global traffic, DNS traffic detected: DNS query: eaglepawnoy.store
    Source: global traffic, DNS traffic detected: DNS query: dissapoiznw.store
    Source: global traffic, DNS traffic detected: DNS query: studennotediw.store
    Source: global traffic, DNS traffic detected: DNS query: bathdoomgaz.store
    Source: global traffic, DNS traffic detected: DNS query: spirittunek.store
    Source: global traffic, DNS traffic detected: DNS query: licendfilteo.site
    Source: global traffic, DNS traffic detected: DNS query: steamcommunity.com
    Source: global traffic, DNS traffic detected: DNS query: sergei-esenin.com
    Source: unknown, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8 | Host: sergei-esenin.com
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49700
    Source: unknown | Network traffic detected: HTTP traffic on port 49699 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49699
    Source: unknown | Network traffic detected: HTTP traffic on port 49700 -> 443
    Source: unknown | HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:49699 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.6:49700 version: TLS 1.2

    System Summary

    Source: file.exe | Static PE information: section name:
    Source: file.exe | Static PE information: section name: .rsrc
    Source: file.exe | Static PE information: section name: .idata
    Source: file.exe | Static PE information: section name:
    Source: C:\Users\user\Desktop\file.exe Code function: String function: 00F0D300 appears 152 times
    Source: C:\Users\user\Desktop\file.exe Code function: String function: 00EFCAA0 appears 48 times
    Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: file.exe Static PE information: Section: ZLIB complexity 0.9995165532178217
    Source: file.exe Static PE information: Section: jtkykacn ZLIB complexity 0.9940703219525105
    Source: classification engine Classification label: mal100.troj.evad.winEXE@1/0@10/2
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F28220 CoCreateInstance,0_2_00F28220
    Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: file.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
    Source: C:\Users\user\Desktop\file.exe File read: C:\Users\user\Desktop\file.exe
    Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: winhttp.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: webio.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: mswsock.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: winnsi.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: dnsapi.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: rasadhlp.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: fwpuclnt.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: schannel.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: mskeyprotect.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: ntasn1.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: ncrypt.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: ncryptsslp.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: msasn1.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: cryptsp.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: rsaenh.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: cryptbase.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: gpapi.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: dpapi.dll
    Source: file.exe Static file information: File size 1862656 > 1048576
    Source: file.exe Static PE information: Raw size of jtkykacn is bigger than: 0x100000 < 0x19d400

    Data Obfuscation

    Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 0.2.file.exe.ef0000.0.unpack :EW;.rsrc :W;.idata :W; :EW;jtkykacn:EW;tsjbrqzq:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;jtkykacn:EW;tsjbrqzq:EW;.taggant:EW;
    Source: initial sample Static PE information: section where entry point is pointing to: .taggant
    Source: file.exe Static PE information: real checksum: 0x1d06c0 should be: 0x1c74ae
    Source: file.exe Static PE information: section name:
    Source: file.exe Static PE information: section name: .rsrc
    Source: file.exe Static PE information: section name: .idata
    Source: file.exe Static PE information: section name:
    Source: file.exe Static PE information: section name: jtkykacn
    Source: file.exe Static PE information: section name: tsjbrqzq
    Source: file.exe Static PE information: section name: .taggant
    Source: file.exe Static PE information: section name: entropy: 7.977222839698793
    Source: file.exe Static PE information: section name: jtkykacn entropy: 7.954417597984127

    Boot Survival

    Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass
    Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS
    Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass
    Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass
    Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS

    Malware Analysis System Evasion

    Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine
    Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10E6FBA second address: 10E6FC0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10E70FD second address: 10E7101 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10E7101 second address: 10E7107 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10E7107 second address: 10E7120 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F61ED53767Ah 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d je 00007F61ED537676h 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10E7561 second address: 10E7566 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10E7566 second address: 10E757B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F61ED537676h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f jne 00007F61ED537676h 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10E7751 second address: 10E7756 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10E7756 second address: 10E7780 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 jmp 00007F61ED537681h 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F61ED53767Eh 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10E80CC second address: 10E80DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F61ECB1D1A6h 0x0000000a popad 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10E80DA second address: 10E80DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10E80DF second address: 10E80E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10E80E5 second address: 10E80EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F61ED537676h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10E83DC second address: 10E83E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10BA22A second address: 10BA22E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10BA22E second address: 10BA244 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F61ECB1D1B0h 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10BA244 second address: 10BA257 instructions: 0x00000000 rdtsc 0x00000002 js 00007F61ED53767Eh 0x00000008 push esi 0x00000009 pop esi 0x0000000a je 00007F61ED537676h 0x00000010 push ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10B1C37 second address: 10B1C5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 ja 00007F61ECB1D1C0h 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10B1C5C second address: 10B1C66 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F61ED53767Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10EF7C5 second address: 10EF7CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10EF7CA second address: 10EF7D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10BD69B second address: 10BD6AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 pop edx 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10BD6AA second address: 10BD6DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F61ED537685h 0x0000000c jmp 00007F61ED537687h 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10BD6DD second address: 10BD6EB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F61ECB1D1AAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10F4717 second address: 10F4724 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 je 00007F61ED537676h 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10F4724 second address: 10F474F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F61ECB1D1ADh 0x00000007 jmp 00007F61ECB1D1B0h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 je 00007F61ECB1D1A6h 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10F474F second address: 10F4755 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10F4755 second address: 10F4775 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 jg 00007F61ECB1D1B2h 0x0000000e jp 00007F61ECB1D1A6h 0x00000014 jnc 00007F61ECB1D1A6h 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d pop eax 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10F4775 second address: 10F4779 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10F4A7A second address: 10F4A7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10F4A7E second address: 10F4A95 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnl 00007F61ED537681h 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10F4A95 second address: 10F4AC1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F61ECB1D1B6h 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F61ECB1D1AFh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10F4D91 second address: 10F4D99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10F4D99 second address: 10F4DBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 jmp 00007F61ECB1D1B9h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10F629A second address: 10F62BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jo 00007F61ED537678h 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e push eax 0x0000000f pushad 0x00000010 jbe 00007F61ED537678h 0x00000016 push eax 0x00000017 push edx 0x00000018 js 00007F61ED537676h 0x0000001e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10F63BC second address: 10F63C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10F63C2 second address: 10F63DB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F61ED53767Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10F649F second address: 10F64A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10F671C second address: 10F6720 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10F6720 second address: 10F6743 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 jmp 00007F61ECB1D1B3h 0x0000000d jnl 00007F61ECB1D1ACh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10F6BD5 second address: 10F6C26 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F61ED537676h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b push eax 0x0000000c push ecx 0x0000000d jmp 00007F61ED537686h 0x00000012 pop ecx 0x00000013 xchg eax, ebx 0x00000014 push 00000000h 0x00000016 push edx 0x00000017 call 00007F61ED537678h 0x0000001c pop edx 0x0000001d mov dword ptr [esp+04h], edx 0x00000021 add dword ptr [esp+04h], 00000014h 0x00000029 inc edx 0x0000002a push edx 0x0000002b ret 0x0000002c pop edx 0x0000002d ret 0x0000002e mov edi, eax 0x00000030 push esi 0x00000031 adc esi, 16B64E95h 0x00000037 pop edi 0x00000038 nop 0x00000039 pushad 0x0000003a push eax 0x0000003b push edx 0x0000003c pushad 0x0000003d popad 0x0000003e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10F6C26 second address: 10F6C50 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F61ECB1D1A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F61ECB1D1B0h 0x0000000f popad 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 ja 00007F61ECB1D1ACh 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10F6F40 second address: 10F6F57 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 pushad 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c jns 00007F61ED537676h 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 pop eax 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10F7062 second address: 10F7067 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10F7140 second address: 10F7159 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F61ED537685h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10F9B79 second address: 10F9B7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10F9B7D second address: 10F9B81 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10F9B81 second address: 10F9BB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jnl 00007F61ECB1D1B2h 0x0000000d nop 0x0000000e mov edi, 5E4E983Ah 0x00000013 push 00000000h 0x00000015 cmc 0x00000016 push 00000000h 0x00000018 xor si, 0A0Fh 0x0000001d xchg eax, ebx 0x0000001e push eax 0x0000001f push edx 0x00000020 jo 00007F61ECB1D1A8h 0x00000026 push eax 0x00000027 pop eax 0x00000028 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10F9BB5 second address: 10F9BC6 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jnp 00007F61ED537676h 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push ebx 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10FA734 second address: 10FA749 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F61ECB1D1B1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10FB21C second address: 10FB220 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10FB220 second address: 10FB226 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10FB226 second address: 10FB234 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10FB234 second address: 10FB238 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10FB238 second address: 10FB287 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 nop 0x00000008 mov esi, ebx 0x0000000a push 00000000h 0x0000000c jne 00007F61ED537682h 0x00000012 push 00000000h 0x00000014 push 00000000h 0x00000016 push ecx 0x00000017 call 00007F61ED537678h 0x0000001c pop ecx 0x0000001d mov dword ptr [esp+04h], ecx 0x00000021 add dword ptr [esp+04h], 0000001Ah 0x00000029 inc ecx 0x0000002a push ecx 0x0000002b ret 0x0000002c pop ecx 0x0000002d ret 0x0000002e mov esi, dword ptr [ebp+122D2D16h] 0x00000034 push eax 0x00000035 push eax 0x00000036 push edx 0x00000037 push eax 0x00000038 push edx 0x00000039 pushad 0x0000003a popad 0x0000003b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10FB287 second address: 10FB295 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F61ECB1D1AAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10FB295 second address: 10FB29F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F61ED537676h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10FBBDF second address: 10FBC15 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F61ECB1D1A8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d xor edi, dword ptr [ebp+122D2CCAh] 0x00000013 push 00000000h 0x00000015 mov esi, 069CB3FAh 0x0000001a push 00000000h 0x0000001c adc si, 6606h 0x00000021 xchg eax, ebx 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 jmp 00007F61ECB1D1ACh 0x0000002a pushad 0x0000002b popad 0x0000002c popad 0x0000002d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10FBC15 second address: 10FBC2C instructions: 0x00000000 rdtsc 0x00000002 jl 00007F61ED537678h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f je 00007F61ED537678h 0x00000015 push esi 0x00000016 pop esi 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10FBC2C second address: 10FBC47 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F61ECB1D1B7h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10FC779 second address: 10FC77F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10FC4B5 second address: 10FC4BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10FC4BB second address: 10FC4C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10FC4C0 second address: 10FC4CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F61ECB1D1A6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10FE797 second address: 10FE79B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10AE5F2 second address: 10AE5FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F61ECB1D1A6h 0x0000000a popad 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10AE5FD second address: 10AE602 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1101199 second address: 11011A0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11011A0 second address: 11011B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jbe 00007F61ED537678h 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1101756 second address: 110175D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 110279D second address: 11027A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 110545D second address: 1105463 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1105463 second address: 1105468 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1105468 second address: 110546D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1105504 second address: 1105508 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1104677 second address: 11046C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F61ECB1D1B1h 0x00000008 push eax 0x00000009 pop eax 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d nop 0x0000000e push dword ptr fs:[00000000h] 0x00000015 mov dword ptr [ebp+122D30DAh], ecx 0x0000001b clc 0x0000001c mov dword ptr fs:[00000000h], esp 0x00000023 sbb ebx, 072EC3FAh 0x00000029 mov eax, dword ptr [ebp+122D1269h] 0x0000002f pushad 0x00000030 mov dx, 88F0h 0x00000034 popad 0x00000035 push FFFFFFFFh 0x00000037 movzx edi, di 0x0000003a push eax 0x0000003b push esi 0x0000003c push edx 0x0000003d push eax 0x0000003e push edx 0x0000003f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1106615 second address: 110661B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11077D1 second address: 110786E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F61ECB1D1B6h 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e jmp 00007F61ECB1D1AAh 0x00000013 nop 0x00000014 mov bx, dx 0x00000017 mov edi, dword ptr [ebp+122D2CDEh] 0x0000001d push dword ptr fs:[00000000h] 0x00000024 push 00000000h 0x00000026 push edx 0x00000027 call 00007F61ECB1D1A8h 0x0000002c pop edx 0x0000002d mov dword ptr [esp+04h], edx 0x00000031 add dword ptr [esp+04h], 00000018h 0x00000039 inc edx 0x0000003a push edx 0x0000003b ret 0x0000003c pop edx 0x0000003d ret 0x0000003e mov dword ptr fs:[00000000h], esp 0x00000045 mov dword ptr [ebp+122D2F97h], edx 0x0000004b mov eax, dword ptr [ebp+122D0B11h] 0x00000051 mov edi, dword ptr [ebp+122D2B56h] 0x00000057 push FFFFFFFFh 0x00000059 push 00000000h 0x0000005b push edx 0x0000005c call 00007F61ECB1D1A8h 0x00000061 pop edx 0x00000062 mov dword ptr [esp+04h], edx 0x00000066 add dword ptr [esp+04h], 00000014h 0x0000006e inc edx 0x0000006f push edx 0x00000070 ret 0x00000071 pop edx 0x00000072 ret 0x00000073 mov ebx, dword ptr [ebp+122D3080h] 0x00000079 nop 0x0000007a push edi 0x0000007b push eax 0x0000007c push edx 0x0000007d pushad 0x0000007e popad 0x0000007f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1109734 second address: 1109739 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11088E6 second address: 11088EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11088EC second address: 1108900 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 pop esi 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e je 00007F61ED537676h 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1108900 second address: 1108919 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F61ECB1D1B2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 110B80E second address: 110B891 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007F61ED537676h 0x00000009 jmp 00007F61ED537686h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 jmp 00007F61ED537689h 0x00000017 nop 0x00000018 push 00000000h 0x0000001a push edx 0x0000001b call 00007F61ED537678h 0x00000020 pop edx 0x00000021 mov dword ptr [esp+04h], edx 0x00000025 add dword ptr [esp+04h], 0000001Ah 0x0000002d inc edx 0x0000002e push edx 0x0000002f ret 0x00000030 pop edx 0x00000031 ret 0x00000032 jbe 00007F61ED53767Ch 0x00000038 mov dword ptr [ebp+1246B4C1h], ecx 0x0000003e push 00000000h 0x00000040 mov edi, 1A845BD4h 0x00000045 push 00000000h 0x00000047 adc di, EFD2h 0x0000004c push eax 0x0000004d push esi 0x0000004e push eax 0x0000004f push edx 0x00000050 jl 00007F61ED537676h 0x00000056 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 110B891 second address: 110B895 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 110C7F0 second address: 110C7F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 110C7F4 second address: 110C7FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 110E8FE second address: 110E90B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 jo 00007F61ED537676h 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 110E90B second address: 110E90F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 115815B second address: 1158161 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 115847A second address: 1158480 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1158480 second address: 11584A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push edi 0x00000006 jmp 00007F61ECB1D1B9h 0x0000000b pop edi 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11584A0 second address: 11584A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 115E399 second address: 115E39F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 116147A second address: 116147E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 116147E second address: 116149E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F61ECB1D1A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c ja 00007F61ECB1D1AEh 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 push ecx 0x00000017 pop ecx 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 116149E second address: 11614CA instructions: 0x00000000 rdtsc 0x00000002 je 00007F61ED537676h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e ja 00007F61ED537676h 0x00000014 jmp 00007F61ED537687h 0x00000019 pop eax 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11614CA second address: 11614D1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11615F4 second address: 11615F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11615F8 second address: 1161604 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F61ECB1D1A6h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1161A71 second address: 1161A75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1161A75 second address: 1161A7B instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1161BFC second address: 1161C11 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F61ED53767Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1161C11 second address: 1161C21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F61ECB1D1A6h 0x0000000a popad 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1161D46 second address: 1161D62 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F61ED537680h 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1161D62 second address: 1161D66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11638B9 second address: 11638CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F61ED53767Ch 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 116B7FA second address: 116B819 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F61ECB1D1B7h 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 116B819 second address: 116B81F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 116B81F second address: 116B82F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jl 00007F61ECB1D1A6h 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 116B82F second address: 116B83A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 116BB66 second address: 116BB70 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F61ECB1D1A6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 117282A second address: 117283E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F61ED53767Eh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 117283E second address: 1172842 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1172842 second address: 1172846 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1172846 second address: 117287E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F61ECB1D1A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push esi 0x0000000e pop esi 0x0000000f pushad 0x00000010 popad 0x00000011 ja 00007F61ECB1D1A6h 0x00000017 jnl 00007F61ECB1D1A6h 0x0000001d popad 0x0000001e pop edx 0x0000001f pop eax 0x00000020 push eax 0x00000021 push edx 0x00000022 push edi 0x00000023 push ecx 0x00000024 pop ecx 0x00000025 jmp 00007F61ECB1D1B2h 0x0000002a pop edi 0x0000002b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 117225D second address: 1172262 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1172262 second address: 1172289 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b jmp 00007F61ECB1D1B0h 0x00000010 push edi 0x00000011 pop edi 0x00000012 jns 00007F61ECB1D1A6h 0x00000018 popad 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1172406 second address: 117240D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 117240D second address: 1172429 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007F61ECB1D1B3h 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 117FDB7 second address: 117FDBC instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 117FDBC second address: 117FDC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 jnp 00007F61ECB1D1A6h 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1184022 second address: 1184031 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d push edx 0x0000000e pop edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11839E5 second address: 11839E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11839E9 second address: 1183A00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F61ED537676h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jns 00007F61ED537676h 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1183A00 second address: 1183A20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 jno 00007F61ECB1D1AEh 0x0000000d popad 0x0000000e push edi 0x0000000f pushad 0x00000010 jno 00007F61ECB1D1A6h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1183B9C second address: 1183BD7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F61ED537685h 0x00000007 jmp 00007F61ED537689h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push edx 0x0000000f jp 00007F61ED537676h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1189A6A second address: 1189A74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F61ECB1D1A6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1189A74 second address: 1189A7E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1189A7E second address: 1189A82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1189A82 second address: 1189A8C instructions: 0x00000000 rdtsc 0x00000002 ja 00007F61ED537676h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118FA80 second address: 118FA86 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118FA86 second address: 118FA98 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F61ED537678h 0x00000008 jng 00007F61ED53767Eh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1196EF6 second address: 1196EFA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11986D7 second address: 11986DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 119B0BA second address: 119B0C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 119B0C0 second address: 119B0C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 119DFC6 second address: 119DFCF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A3BF3 second address: 11A3BF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A3BF9 second address: 11A3C0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F61ECB1D1B1h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A3C0E second address: 11A3C14 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A3C14 second address: 11A3C24 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F61ECB1D1ACh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A2AA8 second address: 11A2AE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F61ED537676h 0x0000000a jmp 00007F61ED53767Eh 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 jmp 00007F61ED53767Fh 0x00000017 push eax 0x00000018 push ecx 0x00000019 pop ecx 0x0000001a jnc 00007F61ED537676h 0x00000020 pop eax 0x00000021 push edi 0x00000022 push edx 0x00000023 pop edx 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A2C1A second address: 11A2C24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A2C24 second address: 11A2C41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F61ED53767Ah 0x00000009 jne 00007F61ED537676h 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A2C41 second address: 11A2C88 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F61ECB1D1A6h 0x00000008 js 00007F61ECB1D1A6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 popad 0x00000011 pushad 0x00000012 jmp 00007F61ECB1D1B7h 0x00000017 jmp 00007F61ECB1D1B9h 0x0000001c pushad 0x0000001d pushad 0x0000001e popad 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A2C88 second address: 11A2C8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A2F58 second address: 11A2F69 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F61ECB1D1ABh 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A2F69 second address: 11A2F6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A2F6F second address: 11A2F73 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A2F73 second address: 11A2F79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A2F79 second address: 11A2F91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F61ECB1D1AEh 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A2F91 second address: 11A2F97 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A2F97 second address: 11A2F9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A2F9D second address: 11A2FA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A79BF second address: 11A79E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F61ECB1D1A6h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d pushad 0x0000000e jnp 00007F61ECB1D1A6h 0x00000014 jmp 00007F61ECB1D1ACh 0x00000019 jng 00007F61ECB1D1A6h 0x0000001f push edi 0x00000020 pop edi 0x00000021 popad 0x00000022 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11AB809 second address: 11AB80E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11B7AAC second address: 11B7AB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11BA075 second address: 11BA090 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F61ED537676h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F61ED53767Fh 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11BA090 second address: 11BA096 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11BA096 second address: 11BA09B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11BA09B second address: 11BA0C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F61ECB1D1A6h 0x0000000a popad 0x0000000b pushad 0x0000000c jl 00007F61ECB1D1A6h 0x00000012 jmp 00007F61ECB1D1B3h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C6FF6 second address: 11C6FFA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C6FFA second address: 11C7021 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jne 00007F61ECB1D1A6h 0x0000000d jmp 00007F61ECB1D1B2h 0x00000012 jne 00007F61ECB1D1A6h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C7021 second address: 11C7026 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C7026 second address: 11C7033 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnp 00007F61ECB1D1A6h 0x00000009 push esi 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C7033 second address: 11C7044 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 pushad 0x00000009 jl 00007F61ED537676h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C7044 second address: 11C7052 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 popad 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C7052 second address: 11C7058 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11CB13D second address: 11CB15B instructions: 0x00000000 rdtsc 0x00000002 jp 00007F61ECB1D1A6h 0x00000008 jmp 00007F61ECB1D1B4h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11E3099 second address: 11E30AC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F61ED53767Eh 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11E30AC second address: 11E30B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F61ECB1D1A6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11E3BC2 second address: 11E3BC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11E3BC6 second address: 11E3BED instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jbe 00007F61ECB1D1A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jbe 00007F61ECB1D1A6h 0x00000017 jmp 00007F61ECB1D1B0h 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11E3BED second address: 11E3BF1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11E3BF1 second address: 11E3BFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push esi 0x00000008 pop esi 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11E82F4 second address: 11E82F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11E82F8 second address: 11E8330 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F61ECB1D1AAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a push eax 0x0000000b jmp 00007F61ECB1D1B8h 0x00000010 mov eax, dword ptr [esp+04h] 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F61ECB1D1AAh 0x0000001b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11E8330 second address: 11E8336 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11E8336 second address: 11E835F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a jo 00007F61ECB1D1B5h 0x00000010 jmp 00007F61ECB1D1AFh 0x00000015 mov dword ptr [esp+04h], eax 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11E835F second address: 11E8363 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11E8363 second address: 11E8367 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11E8367 second address: 11E836D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11E9886 second address: 11E988F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: F53D21 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 11148BA instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
    Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
    Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
    Source: C:\Users\user\Desktop\file.exe TID: 3000 Thread sleep time: -60000s >= -30000s
    Source: file.exe, file.exe, 00000000.00000002.2153044628.00000000010CB000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
    Source: file.exe, 00000000.00000003.2143324674.0000000000C54000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2150940912.0000000000BFE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2152653316.0000000000C68000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2143483272.0000000000C67000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
    Source: file.exe, 00000000.00000003.2143324674.0000000000C54000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2152653316.0000000000C68000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2143483272.0000000000C67000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWen-GBn
    Source: file.exe, 00000000.00000002.2153044628.00000000010CB000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
    Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation
    Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation

    Anti Debugging

    Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger
    Source: C:\Users\user\Desktop\file.exe Open window title or class name: regmonclass
    Source: C:\Users\user\Desktop\file.exe Open window title or class name: gbdyllo
    Source: C:\Users\user\Desktop\file.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exe Open window title or class name: procmon_window_class
    Source: C:\Users\user\Desktop\file.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exe Open window title or class name: ollydbg
    Source: C:\Users\user\Desktop\file.exe Open window title or class name: filemonclass
    Source: C:\Users\user\Desktop\file.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exe File opened: NTICE
    Source: C:\Users\user\Desktop\file.exe File opened: SICE
    Source: C:\Users\user\Desktop\file.exe File opened: SIWVID
    Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
    Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
    Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F35BB0 LdrInitializeThunk, 0_2_00F35BB0

    HIPS / PFW / Operating System Protection Evasion

    Source: file.exe, file.exe, 00000000.00000002.2153044628.00000000010CB000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: :Program Manager
    Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

    Stealing of Sensitive Information

    Source: Yara match File source: decrypted.memstr, type: MEMORYSTR

    Remote Access Functionality

    Source: Yara match File source: decrypted.memstr, type: MEMORYSTR
    Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties
    Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet
    Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media
    Execution: 2 Command and Scripting Interpreter; 1 PowerShell; At; Cron; Launchd; Scheduled Task
    Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
    Privilege Escalation: 1 Process Injection; 1 DLL Side-Loading; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
    Defense Evasion: 24 Virtualization/Sandbox Evasion; 1 Process Injection; 11 Deobfuscate/Decode Files or Information; 4 Obfuscated Files or Information; 12 Software Packing; 1 DLL Side-Loading
    Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials
    Discovery: 631 Security Software Discovery; 24 Virtualization/Sandbox Evasion; 2 Process Discovery; 23 System Information Discovery; Internet Connection Discovery; Wi-Fi Discovery
    Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC
    Collection: 1 Archive Collected Data; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture
    Command and Control: 11 Encrypted Channel; 1 Ingress Tool Transfer; 3 Non-Application Layer Protocol; 114 Application Layer Protocol; Fallback Channels; Multiband Communication
    Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits
    Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop

    Source | Detection | Scanner | Label | Link
    file.exe | 100% | Avira | TR/Crypt.ZPACK.Gen |
    file.exe | 100% | Joe Sandbox ML | |
    No Antivirus matches
                                                                      unknown
                                                                      https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;l=englishfile.exe, 00000000.00000003.2131677927.0000000000CB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2143290374.0000000000CC2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2131677927.0000000000CB1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      unknown
                                                                      https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&amp;l=englishfile.exe, 00000000.00000003.2131677927.0000000000CB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2143290374.0000000000CC2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2131677927.0000000000CB1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      unknown
                                                                      https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.pngfile.exe, 00000000.00000003.2131677927.0000000000CB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2143290374.0000000000CC2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      unknown
                                                                      https://avatars.akamai.steamstaticfile.exe, 00000000.00000003.2131677927.0000000000CB1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        unknown
                                                                        https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&amp;l=englisfile.exe, 00000000.00000003.2131677927.0000000000CB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2143290374.0000000000CC2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2131677927.0000000000CB1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        unknown
                                                                        https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhCfile.exe, 00000000.00000003.2131677927.0000000000CB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2143290374.0000000000CC2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2131677927.0000000000CB1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        unknown
                                                                        https://store.steampowered.com/;file.exe, 00000000.00000002.2152672974.0000000000CB2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2131773298.0000000000C7A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2131677927.0000000000CB1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        unknown
                                                                        https://store.steampowered.com/about/file.exe, 00000000.00000003.2143290374.0000000000CC2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        unknown
                                                                        https://steamcommunity.com/my/wishlist/file.exe, 00000000.00000003.2131677927.0000000000CB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2143290374.0000000000CC2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          unknown
                                                                          https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&amp;l=englishfile.exe, 00000000.00000003.2131677927.0000000000CB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2143290374.0000000000CC2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2131677927.0000000000CB1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          unknown
                                                                          https://help.steampowered.com/en/file.exe, 00000000.00000003.2131677927.0000000000CB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2143290374.0000000000CC2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          unknown
                                                                          https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/file.exe, 00000000.00000003.2131677927.0000000000CB1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            unknown
                                                                            https://steamcommunity.com/market/file.exe, 00000000.00000003.2131677927.0000000000CB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2143290374.0000000000CC2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              unknown
                                                                              https://store.steampowered.com/news/file.exe, 00000000.00000003.2131677927.0000000000CB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2143290374.0000000000CC2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              unknown
                                                                              https://community.akamai.steamstatic.com/file.exe, 00000000.00000003.2131677927.0000000000CB1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              unknown
                                                                              http://store.steampowered.com/subscriber_agreement/file.exe, 00000000.00000003.2131677927.0000000000CB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2143290374.0000000000CC2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2131677927.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2143324674.0000000000C39000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              unknown
                                                                              https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgfile.exe, 00000000.00000003.2131677927.0000000000CB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2150940912.0000000000C36000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2143290374.0000000000CC2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2131677927.0000000000CB1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                unknown
                                                                                https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1file.exe, 00000000.00000003.2131677927.0000000000CB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2143290374.0000000000CC2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2131677927.0000000000CB1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                unknown
                                                                                https://recaptcha.net/recaptcha/;file.exe, 00000000.00000003.2131677927.0000000000CB1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                unknown
                                                                                https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&amp;l=enfile.exe, 00000000.00000003.2131677927.0000000000CB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2143290374.0000000000CC2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2131677927.0000000000CB1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                unknown
                                                                                https://steamcommunity.com/discussions/file.exe, 00000000.00000003.2131677927.0000000000CB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2143290374.0000000000CC2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  unknown
                                                                                  https://store.steampowered.com/stats/file.exe, 00000000.00000003.2131677927.0000000000CB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2143290374.0000000000CC2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  unknown
                                                                                  https://medal.tvfile.exe, 00000000.00000003.2131677927.0000000000CB1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  unknown
                                                                                  https://broadcast.st.dl.eccdnx.comfile.exe, 00000000.00000003.2131677927.0000000000CB1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  unknown
                                                                                  https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1file.exe, 00000000.00000003.2131677927.0000000000CB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2150940912.0000000000C36000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2143290374.0000000000CC2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2131677927.0000000000CB1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  unknown
                                                                                  https://store.steampowered.com/steam_refunds/file.exe, 00000000.00000003.2131677927.0000000000CB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2143290374.0000000000CC2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  unknown
                                                                                  https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900file.exe, 00000000.00000003.2143290374.0000000000CC2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    unknown
                                                                                    https://steamcommunity.com/workshop/file.exe, 00000000.00000003.2131677927.0000000000CB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2143290374.0000000000CC2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      unknown
                                                                                      https://login.steampowered.com/file.exe, 00000000.00000003.2131677927.0000000000CB1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      unknown
                                                                                      https://store.steampowered.com/legal/file.exe, 00000000.00000003.2131677927.0000000000CB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2143290374.0000000000CC2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2131677927.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2143324674.0000000000C39000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      unknown
                                                                                      https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&amp;l=efile.exe, 00000000.00000003.2131677927.0000000000CB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2143290374.0000000000CC2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2131677927.0000000000CB1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      unknown
                                                                                      https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=Gu9gs5hffile.exe, 00000000.00000003.2131677927.0000000000CB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2143290374.0000000000CC2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2131677927.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2143324674.0000000000C39000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        unknown
                                                                                        https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvfile.exe, 00000000.00000003.2131677927.0000000000CB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2143290374.0000000000CC2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2131677927.0000000000CB1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        unknown
                                                                                        https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=englfile.exe, 00000000.00000003.2131677927.0000000000CB1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        unknown
                                                                                        https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=IZH_ONwLX4kw&amp;l=efile.exe, 00000000.00000003.2131677927.0000000000CB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2143290374.0000000000CC2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2131677927.0000000000CB1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          unknown
                                                                                          https://recaptcha.netfile.exe, 00000000.00000003.2131677927.0000000000CB1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          • URL Reputation: safe
                                                                                          unknown
                                                                                          https://store.steampowered.com/file.exe, 00000000.00000003.2131677927.0000000000CB1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          • URL Reputation: safe
                                                                                          unknown
                                                                                          https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvwfile.exe, 00000000.00000003.2131677927.0000000000CB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2143290374.0000000000CC2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2131677927.0000000000CB1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          • URL Reputation: safe
                                                                                          unknown
                                                                                          https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.giffile.exe, 00000000.00000003.2131677927.0000000000CB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2143290374.0000000000CC2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2131677927.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2143324674.0000000000C39000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          • URL Reputation: safe
                                                                                          unknown
                                                                                          http://127.0.0.1:27060file.exe, 00000000.00000003.2131677927.0000000000CB1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            unknown
                                                                                            https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016file.exe, 00000000.00000003.2131677927.0000000000CB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2143290374.0000000000CC2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            unknown
                                                                                            https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&amp;l=englishfile.exe, 00000000.00000003.2131677927.0000000000CB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2143290374.0000000000CC2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2131677927.0000000000CB1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            unknown
                                                                                            https://help.steampowered.com/file.exe, 00000000.00000003.2131677927.0000000000CB1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            unknown
                                                                                            https://api.steampowered.com/file.exe, 00000000.00000003.2131677927.0000000000CB1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            unknown
                                                                                            http://store.steampowered.com/account/cookiepreferences/file.exe, 00000000.00000003.2131677927.0000000000CB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2143290374.0000000000CC2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2131677927.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2143324674.0000000000C39000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            unknown
                                                                                            https://store.steampowered.com/mobilefile.exe, 00000000.00000003.2131677927.0000000000CB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2143290374.0000000000CC2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            unknown
                                                                                            https://steamcommunity.com/file.exe, 00000000.00000003.2131677927.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2151973328.0000000000C54000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              unknown
                                                                                              https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&amp;l=englishfile.exe, 00000000.00000003.2131677927.0000000000CB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2143290374.0000000000CC2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2131677927.0000000000CB1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              • URL Reputation: safe
                                                                                              unknown
                                                                                              https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&amp;l=englfile.exe, 00000000.00000003.2131677927.0000000000CB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2143290374.0000000000CC2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2131677927.0000000000CB1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              • URL Reputation: safe
                                                                                              unknown
                                                                                              https://steamcommunity.com/profiles/76561199724331900/badgesfile.exe, 00000000.00000003.2131677927.0000000000CB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2143290374.0000000000CC2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2151973328.0000000000C3A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2131677927.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2143324674.0000000000C39000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                              • URL Reputation: malware
                                                                                              unknown
                                                                                              • No. of IPs < 25%
                                                                                              • 25% < No. of IPs < 50%
                                                                                              • 50% < No. of IPs < 75%
                                                                                              • 75% < No. of IPs
IP               Domain               Country         ASN     ASN Name          Malicious
104.102.49.254   steamcommunity.com   United States   16625   AKAMAI-ASUS       true
172.67.206.204   sergei-esenin.com    United States   13335   CLOUDFLARENETUS   true
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1531602
Start date and time: 2024-10-11 12:43:10 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 2m 49s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 2
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: file.exe
Detection: MAL
Classification: mal100.troj.evad.winEXE@1/0@10/2
EGA Information:
• Successful, ratio: 100%
HCA Information: Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Stop behavior analysis, all processes terminated
• Exclude process from analysis (whitelisted): dllhost.exe
• Excluded domains from analysis (whitelisted): otelrules.azureedge.net, otelrules.afd.azureedge.net, azureedge-t-prod.trafficmanager.net
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• VT rate limit hit for: file.exe
Time | Type | Description
06:44:02 | API Interceptor | 2x Sleep call for process: file.exe modified
                                                                                                                  No context
                                                                                                                  No created / dropped files found
File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 7.948411751295975
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: file.exe
File size: 1'862'656 bytes
MD5: 8bcd9a742acedb19fbd8ba34b3a3db7b
SHA1: 0058e1c3e4996e00e005590d98fe51be13b541dd
SHA256: 742c352c8b9dfbf3440c35e71545f153ef344e4deb58b803809dab6925cad8ec
SHA512: 2c839e71f40d98dd992411043f4665fef8b08ef87af3586cc08b01b6daa01a4335e3ce1cd44172064dc4b877abee9e620dec61c65df303d9236d4a3e4e0599a7
SSDEEP: 49152:HyaLeAdXN12G7AsIL01Gx2p9KiVQsT5ygO7C2D08:HyyRd12GMiGx2ThVQsIgO7C2D08
TLSH: BF8533BC7F3F8C0CF8B66A307E92D1548B2D2119EBB35791EA49E69C878F6401199770
                                                                                                                  File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...J..f.............................@J...........@..........................pJ...........@.................................W...k..
Icon Hash: 00928e8e8686b000
Entrypoint: 0x8a4000
Entrypoint Section: .taggant
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp: 0x66FFF14A [Fri Oct 4 13:44:42 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 6
OS Version Minor: 0
File Version Major: 6
File Version Minor: 0
Subsystem Version Major: 6
Subsystem Version Minor: 0
Import Hash: 2eabe9054cad5152567f0699947a2c5b
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x5f057 | 0x6b | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x5f1f8 | 0x8 | .idata
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
(blank) | 0x1000 | 0x5d000 | 0x25e00 | d18a014a46206dc41bd3bf8ef04178a4 | False | 0.9995165532178217 | data | 7.977222839698793 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x5e000 | 0x1000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0x5f000 | 0x1000 | 0x200 | fe72def8b74193a84232a780098a7ce0 | False | 0.150390625 | data | 1.04205214219471 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
(blank) | 0x60000 | 0x2a5000 | 0x200 | a3fd9b3daa8e72d66e8c0d7abe28c7c4 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
jtkykacn | 0x305000 | 0x19e000 | 0x19d400 | 5fc8c92baab501637827164ca14c0699 | False | 0.9940703219525105 | data | 7.954417597984127 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
tsjbrqzq | 0x4a3000 | 0x1000 | 0x400 | 28dd400bb62623d276ace41f9d4c5b12 | False | 0.748046875 | data | 5.935074491993634 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant | 0x4a4000 | 0x3000 | 0x2200 | 8c601e27121b643256fb95769ba41b19 | False | 0.07123161764705882 | DOS executable (COM) | 0.7454858150453326 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

DLL | Import
kernel32.dll | lstrcpy

Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-11T12:44:03.270996+0200 | 2056471 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) | 1 | 192.168.2.6 | 51014 | 1.1.1.1 | 53 | UDP
2024-10-11T12:44:03.288730+0200 | 2056485 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) | 1 | 192.168.2.6 | 56809 | 1.1.1.1 | 53 | UDP
2024-10-11T12:44:03.301771+0200 | 2056483 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) | 1 | 192.168.2.6 | 55076 | 1.1.1.1 | 53 | UDP
2024-10-11T12:44:03.314013+0200 | 2056481 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) | 1 | 192.168.2.6 | 52482 | 1.1.1.1 | 53 | UDP
2024-10-11T12:44:03.326470+0200 | 2056479 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) | 1 | 192.168.2.6 | 51881 | 1.1.1.1 | 53 | UDP
2024-10-11T12:44:03.337045+0200 | 2056477 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) | 1 | 192.168.2.6 | 49658 | 1.1.1.1 | 53 | UDP
2024-10-11T12:44:03.348515+0200 | 2056475 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) | 1 | 192.168.2.6 | 64578 | 1.1.1.1 | 53 | UDP
2024-10-11T12:44:03.359037+0200 | 2056473 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) | 1 | 192.168.2.6 | 55290 | 1.1.1.1 | 53 | UDP
2024-10-11T12:44:04.773062+0200 | 2858666 | ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup | 1 | 192.168.2.6 | 49699 | 104.102.49.254 | 443 | TCP
2024-10-11T12:44:06.077543+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.6 | 49700 | 172.67.206.204 | 443 | TCP
2024-10-11T12:44:06.077543+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.6 | 49700 | 172.67.206.204 | 443 | TCP

                                                                                                                  Oct 11, 2024 12:44:03.372642994 CEST53552901.1.1.1192.168.2.6
                                                                                                                  Oct 11, 2024 12:44:03.378434896 CEST5184953192.168.2.61.1.1.1
                                                                                                                  Oct 11, 2024 12:44:03.385704994 CEST53518491.1.1.1192.168.2.6
                                                                                                                  Oct 11, 2024 12:44:04.944952011 CEST5626453192.168.2.61.1.1.1
                                                                                                                  Oct 11, 2024 12:44:05.101923943 CEST53562641.1.1.1192.168.2.6
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 11, 2024 12:44:03.270996094 CEST | 192.168.2.6 | 1.1.1.1 | 0x8686 | Standard query (0) | clearancek.site | A (IP address) | IN (0x0001) | false
Oct 11, 2024 12:44:03.288729906 CEST | 192.168.2.6 | 1.1.1.1 | 0xfba5 | Standard query (0) | mobbipenju.store | A (IP address) | IN (0x0001) | false
Oct 11, 2024 12:44:03.301770926 CEST | 192.168.2.6 | 1.1.1.1 | 0x1fc2 | Standard query (0) | eaglepawnoy.store | A (IP address) | IN (0x0001) | false
Oct 11, 2024 12:44:03.314013004 CEST | 192.168.2.6 | 1.1.1.1 | 0xffc8 | Standard query (0) | dissapoiznw.store | A (IP address) | IN (0x0001) | false
Oct 11, 2024 12:44:03.326469898 CEST | 192.168.2.6 | 1.1.1.1 | 0xaa5f | Standard query (0) | studennotediw.store | A (IP address) | IN (0x0001) | false
Oct 11, 2024 12:44:03.337044954 CEST | 192.168.2.6 | 1.1.1.1 | 0x3578 | Standard query (0) | bathdoomgaz.store | A (IP address) | IN (0x0001) | false
Oct 11, 2024 12:44:03.348515034 CEST | 192.168.2.6 | 1.1.1.1 | 0xacc6 | Standard query (0) | spirittunek.store | A (IP address) | IN (0x0001) | false
Oct 11, 2024 12:44:03.359036922 CEST | 192.168.2.6 | 1.1.1.1 | 0xec1c | Standard query (0) | licendfilteo.site | A (IP address) | IN (0x0001) | false
Oct 11, 2024 12:44:03.378434896 CEST | 192.168.2.6 | 1.1.1.1 | 0x576b | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false
Oct 11, 2024 12:44:04.944952011 CEST | 192.168.2.6 | 1.1.1.1 | 0xc5d2 | Standard query (0) | sergei-esenin.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 11, 2024 12:44:03.279763937 CEST | 1.1.1.1 | 192.168.2.6 | 0x8686 | Name error (3) | clearancek.site | none | none | A (IP address) | IN (0x0001) | false
Oct 11, 2024 12:44:03.298686981 CEST | 1.1.1.1 | 192.168.2.6 | 0xfba5 | Name error (3) | mobbipenju.store | none | none | A (IP address) | IN (0x0001) | false
Oct 11, 2024 12:44:03.311817884 CEST | 1.1.1.1 | 192.168.2.6 | 0x1fc2 | Name error (3) | eaglepawnoy.store | none | none | A (IP address) | IN (0x0001) | false
Oct 11, 2024 12:44:03.324048042 CEST | 1.1.1.1 | 192.168.2.6 | 0xffc8 | Name error (3) | dissapoiznw.store | none | none | A (IP address) | IN (0x0001) | false
Oct 11, 2024 12:44:03.335875988 CEST | 1.1.1.1 | 192.168.2.6 | 0xaa5f | Name error (3) | studennotediw.store | none | none | A (IP address) | IN (0x0001) | false
Oct 11, 2024 12:44:03.347275019 CEST | 1.1.1.1 | 192.168.2.6 | 0x3578 | Name error (3) | bathdoomgaz.store | none | none | A (IP address) | IN (0x0001) | false
Oct 11, 2024 12:44:03.357820034 CEST | 1.1.1.1 | 192.168.2.6 | 0xacc6 | Name error (3) | spirittunek.store | none | none | A (IP address) | IN (0x0001) | false
Oct 11, 2024 12:44:03.372642994 CEST | 1.1.1.1 | 192.168.2.6 | 0xec1c | Name error (3) | licendfilteo.site | none | none | A (IP address) | IN (0x0001) | false
Oct 11, 2024 12:44:03.385704994 CEST | 1.1.1.1 | 192.168.2.6 | 0x576b | No error (0) | steamcommunity.com |  | 104.102.49.254 | A (IP address) | IN (0x0001) | false
Oct 11, 2024 12:44:05.101923943 CEST | 1.1.1.1 | 192.168.2.6 | 0xc5d2 | No error (0) | sergei-esenin.com |  | 172.67.206.204 | A (IP address) | IN (0x0001) | false
Oct 11, 2024 12:44:05.101923943 CEST | 1.1.1.1 | 192.168.2.6 | 0xc5d2 | No error (0) | sergei-esenin.com |  | 104.21.53.8 | A (IP address) | IN (0x0001) | false
Oct 11, 2024 12:44:12.900382996 CEST | 1.1.1.1 | 192.168.2.6 | 0xf0be | No error (0) | shed.dual-low.s-part-0036.t-0009.t-msedge.net | s-part-0036.t-0009.t-msedge.net |  | CNAME (Canonical name) | IN (0x0001) | false
Oct 11, 2024 12:44:12.900382996 CEST | 1.1.1.1 | 192.168.2.6 | 0xf0be | No error (0) | s-part-0036.t-0009.t-msedge.net |  | 13.107.246.64 | A (IP address) | IN (0x0001) | false
                                                                                                                  • steamcommunity.com
                                                                                                                  • sergei-esenin.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49699 | 104.102.49.254 | 443 | 2104 | C:\Users\user\Desktop\file.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-11 10:44:04 UTC | 219 | OUT | GET /profiles/76561199724331900 HTTP/1.1
                                                                                                                  Connection: Keep-Alive
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                  Host: steamcommunity.com
2024-10-11 10:44:04 UTC | 1870 | IN | HTTP/1.1 200 OK
                                                                                                                  Server: nginx
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                                                  Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Date: Fri, 11 Oct 2024 10:44:04 GMT
                                                                                                                  Content-Length: 34837
                                                                                                                  Connection: close
                                                                                                                  Set-Cookie: sessionid=9ba8b8f5e1de6b2a531a77dc; Path=/; Secure; SameSite=None
                                                                                                                  Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
2024-10-11 10:44:04 UTC | 14514 | IN | Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-10-11 10:44:04 UTC | 16384 | IN | Data Ascii: <script type="text/javascript">jQuery(function($) {$('#global_header .supernav').v_tooltip({'location':'bottom', 'destroyWhenDone': false, 'tooltipClass': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#glo
2024-10-11 10:44:04 UTC | 3768 | IN | Data Ascii: <div class="profile_summary_footer"><span data-panel="{&quot;focusable&quot;:true,&quot;clickOnActivate&quot;:true}" class="whiteLink" class="whiteLink">View more info</span></div><script type="text/javascript"> $J( function()
2024-10-11 10:44:04 UTC | 171 | IN | Data Ascii: <span>View mobile website</span></div></div></div></div>... responsive_page_content --></div>... responsive_page_frame --></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49700 | 172.67.206.204 | 443 | 2104 | C:\Users\user\Desktop\file.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-11 10:44:05 UTC | 264 | OUT | POST /api HTTP/1.1
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                  Content-Length: 8
                                                                                                                  Host: sergei-esenin.com
2024-10-11 10:44:05 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                  Data Ascii: act=life
2024-10-11 10:44:06 UTC | 827 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Fri, 11 Oct 2024 10:44:06 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: close
                                                                                                                  Set-Cookie: PHPSESSID=bs63d0066lvh70d461en3cb2ph; expires=Tue, 04 Feb 2025 04:30:44 GMT; Max-Age=9999999; path=/
                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                  Pragma: no-cache
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  vary: accept-encoding
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p4pV28K6KulfGJjU9JUMQeFM16jYdpITyq%2BhJEbwCsJ9guPuVg%2FegPssD2nAcZ0%2BWKEHKYXQLsOLnOAzuZp0Vs6FJdOYsh1NtxgbVpoBRZp8tcEmnSwBmEMR6SVBMlbzj04m0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d0e40bf6ce742e2-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
2024-10-11 10:44:06 UTC | 15 | IN | Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a
Data Ascii: aerror #D12
2024-10-11 10:44:06 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0



                                                                                                                  Target ID:0
                                                                                                                  Start time:06:44:00
                                                                                                                  Start date:11/10/2024
                                                                                                                  Path:C:\Users\user\Desktop\file.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                                                  Imagebase:0xef0000
                                                                                                                  File size:1'862'656 bytes
                                                                                                                  MD5 hash:8BCD9A742ACEDB19FBD8BA34B3A3DB7B
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:low
                                                                                                                  Has exited:true


                                                                                                                    Execution Graph

                                                                                                                    Execution Coverage:1%
                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                    Signature Coverage:57.8%
                                                                                                                    Total number of Nodes:45
                                                                                                                    Total number of Limit Nodes:5

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • LoadLibraryExW.KERNEL32(19A41BB1,00000000,00000800), ref: 00F35182
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
• Associated: 00000000.00000002.2152998064.0000000000EF0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2153044628.0000000000F50000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2153044628.00000000010CB000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2153044628.00000000011B1000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2153044628.00000000011DF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2153044628.00000000011E7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2153044628.00000000011F5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2153283582.00000000011F6000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2153386642.0000000001393000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2153414972.0000000001394000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: LibraryLoad
                                                                                                                    • String ID: <I$)$<I$)$@^
                                                                                                                    • API String ID: 1029625771-935358343

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: J|BJ$V$VY^_$t
                                                                                                                    • API String ID: 0-3701112211

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    APIs
                                                                                                                    • ExitProcess.KERNEL32(00000000), ref: 00EFD2F1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ExitProcess
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 621844428-0

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 212 f35bb0-f35be2 LdrInitializeThunk
                                                                                                                    APIs
                                                                                                                    • LdrInitializeThunk.NTDLL(00F3973D,005C003F,00000006,?,?,00000018,8C8D8A8B,?,?), ref: 00F35BDE
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: @
                                                                                                                    • API String ID: 0-2766056989

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2152998064.0000000000EF0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.0000000000F50000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000010CB000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011B1000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011DF000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011E7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011F5000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153283582.00000000011F6000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153386642.0000000001393000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153414972.0000000001394000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: aeefcc42784c96d8bb979561872adc462a3b7932a0e47ce5f844d0f1d069f915
                                                                                                                    • Instruction ID: d73307a19c03934065c628b6110fb146e486212e8b146a01d32a9c556ead83c7
                                                                                                                    • Opcode Fuzzy Hash: aeefcc42784c96d8bb979561872adc462a3b7932a0e47ce5f844d0f1d069f915
                                                                                                                    • Instruction Fuzzy Hash: D1717C75600705DFD724CF24DC94B26B7F6FF4A314F10896CE8568B6A2DB31A819EB60
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 8f2a655235ddeaaf9931c3e7f6ed01cc1068e9fb190f13b15084715b305b77b7
                                                                                                                    • Instruction ID: 2c175f494f452d331734128afc09ed61ce0866bcfc58a9bb8df348957a783414
                                                                                                                    • Opcode Fuzzy Hash: 8f2a655235ddeaaf9931c3e7f6ed01cc1068e9fb190f13b15084715b305b77b7
                                                                                                                    • Instruction Fuzzy Hash: 5F419F3460C304ABDB14AA15D890B2BFBE5EBC5B34F14892CF5C997251D3B9E901EB62
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: a992c985ee70fea253c9978a930753ec3ade362d131dc498d44e4036ca41d9ec
                                                                                                                    • Instruction ID: bd9e9b228cf3bd7a65e8e41bad6b4a9025048b72a9eb40c1a934bb676165b9e2
                                                                                                                    • Opcode Fuzzy Hash: a992c985ee70fea253c9978a930753ec3ade362d131dc498d44e4036ca41d9ec
                                                                                                                    • Instruction Fuzzy Hash: 1831E474A49301BBDA24DB04CD82F3AB7A6FB91B31F64851CF5C19B2E1D370A811AB56
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 258db40424f04b7a25d65ceccde515b0f10f96379e74198c709ee7dea02b9f4b
                                                                                                                    • Instruction ID: b9fe138a4085c14fb08ece7b98ea00e922dbd02d9bdcced7e1420a0535277d48
                                                                                                                    • Opcode Fuzzy Hash: 258db40424f04b7a25d65ceccde515b0f10f96379e74198c709ee7dea02b9f4b
                                                                                                                    • Instruction Fuzzy Hash: A4213CB4D0021A9FDB15CF94CC90BBEBBB2FB46305F144809E411BB291C735A901EB64

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 202 f33220-f3322f 203 f332a2-f332a6 RtlFreeHeap 202->203 204 f332a0 202->204 205 f33236-f33252 202->205 206 f332ac-f332b0 202->206 203->206 204->203 207 f33286-f33296 205->207 208 f33254 205->208 207->204 209 f33260-f33284 call f35af0 208->209 209->207
                                                                                                                    APIs
                                                                                                                    • RtlFreeHeap.NTDLL(?,00000000), ref: 00F332A6
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FreeHeap
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3298025750-0
                                                                                                                    • Opcode ID: e10b3d25d1a68f4f886f17481843d31853f41100a40cb25db97afa214ea3f041
                                                                                                                    • Instruction ID: ad8adbc5e0c89458ead4fe50db45e19749cda938a04e978d541f14efc9e826f4
                                                                                                                    • Opcode Fuzzy Hash: e10b3d25d1a68f4f886f17481843d31853f41100a40cb25db97afa214ea3f041
                                                                                                                    • Instruction Fuzzy Hash: D2016D3450D2409BC701EF18E845A1ABBE8EF5AB10F054C1CE5C58B361D339DD60EB92

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 213 f33202-f33211 RtlAllocateHeap
                                                                                                                    APIs
                                                                                                                    • RtlAllocateHeap.NTDLL(?,00000000), ref: 00F33208
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AllocateHeap
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1279760036-0
                                                                                                                    • Opcode ID: 1242cb04b67eadf6d14be1aaa21d22f09466ede3aaac97e5fb7ae2217315c01f
                                                                                                                    • Instruction ID: c62852977a6875fb0864f462ec3d2dc67fd22ca3422ad43e24a546710eef5d99
                                                                                                                    • Opcode Fuzzy Hash: 1242cb04b67eadf6d14be1aaa21d22f09466ede3aaac97e5fb7ae2217315c01f
                                                                                                                    • Instruction Fuzzy Hash: F9B012340400005FDA041B00EC0AF003510EB10605F800050A500040B1D1655864D554
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: %*+($3<$:$Cx$`tii$aenQ$f@~!$fedc$ggxz$mlc@${l`~$|}&C$#v
                                                                                                                    • API String ID: 0-2260822535
                                                                                                                    • Opcode ID: 6eac12310a673c863c5e59d6fc75a407c1d8c3e70ed43af86a5170c53885b2ae
                                                                                                                    • Instruction ID: 3575159236542b306c66c265996433c9b75242d4b76a97e5e7e5dacacbdd2e10
                                                                                                                    • Opcode Fuzzy Hash: 6eac12310a673c863c5e59d6fc75a407c1d8c3e70ed43af86a5170c53885b2ae
                                                                                                                    • Instruction Fuzzy Hash: A733EEB0504B918FD7658F38D590762BBE1BF16304F58499DE4DA8BB82C339F806DBA1
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID: %*+($()./$89&'$89>?$:WUE$<=2$<=:;$@ONM$AR$D$DCBA$LKJI$QNOL$T$WP$`Y^_$`onm$dcba$lkji$mjkh$tsrq$tuJK$xgfe$|
                                                                                                                    • API String ID: 2994545307-1418943773
                                                                                                                    • Opcode ID: 4877631e6a8071ea3af8e794a19ac1f42cae674b01b94b53bdedf010b55abf4f
                                                                                                                    • Instruction ID: 4638ce406642b1ffeea3bf76d9b8e07a1f5abe9f4546185c6d8ab60cc15024e7
                                                                                                                    • Opcode Fuzzy Hash: 4877631e6a8071ea3af8e794a19ac1f42cae674b01b94b53bdedf010b55abf4f
                                                                                                                    • Instruction Fuzzy Hash: 27F28AB55093819BD770CF14C884BABBBE2BFD5314F144C2CE4C98B292D7359988EB92
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: %e6g$(a*c$=]$?m,o$CG$Gt$JG$N[$WH$]{$hi$kW$/)$S]$WQ$_Y$sm
                                                                                                                    • API String ID: 0-1131134755
                                                                                                                    • Opcode ID: d74e35ecc8a280b26ea5b97864bea01f9eaddccab7146c73e6ef1af76f975a83
                                                                                                                    • Instruction ID: 68a5bb85ba94360fb87ef183d6305f431a996e8d7b372492f9c96af173d26a8b
                                                                                                                    • Opcode Fuzzy Hash: d74e35ecc8a280b26ea5b97864bea01f9eaddccab7146c73e6ef1af76f975a83
                                                                                                                    • Instruction Fuzzy Hash: FE52C7B844D385CAE270CF25D581B8EBAF1BB92740F608A1DE5ED9B255DB708085CF93
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: !E4G$,A&C$2A"_$8;$;IJK$?M0K$B7U1$B?Q9$G'M!$G+X5$L3Y=$O+f)$T#a-$X/R)$pq$z=Q?
                                                                                                                    • API String ID: 0-655414846
                                                                                                                    • Opcode ID: bee00fc3a6a5e416f64a6d322e8edc94799334475a7874e9f86d653e58435c7f
                                                                                                                    • Instruction ID: 4dac4f44cd42da04d00e009b3c65b8a07615ee23a75e69d1e9fcbc128af5d357
                                                                                                                    • Opcode Fuzzy Hash: bee00fc3a6a5e416f64a6d322e8edc94799334475a7874e9f86d653e58435c7f
                                                                                                                    • Instruction Fuzzy Hash: 6BF16FB4408384ABD300DF15D890A6BBBF4FB8AB48F540D1CF9D59B252D374D948EBA6
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: %*+($)IgK$,Q?S$-M2O$<Y.[$=]+_$Y9N;$hX]N$n\+H$upH}${E
                                                                                                                    • API String ID: 0-1557708024
                                                                                                                    • Opcode ID: 0139518610e9fe38e58be6bc917e7195245f7afb5e1e709732c90074ba28ca06
                                                                                                                    • Instruction ID: 941d959089170c03d395280654d92adfb58f7b2484848b0f29471487a5718345
                                                                                                                    • Opcode Fuzzy Hash: 0139518610e9fe38e58be6bc917e7195245f7afb5e1e709732c90074ba28ca06
                                                                                                                    • Instruction Fuzzy Hash: F4921775E00219CFDB04CF68D8517AEBBB2FF5A320F294168E852AB391D735AD41DB90
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153044628.0000000000F50000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2152998064.0000000000EF0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000010CB000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011B1000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011DF000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011E7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011F5000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153283582.00000000011F6000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153386642.0000000001393000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153414972.0000000001394000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: "d@~$/ctm$5|y$7S_'$7S_'$@u=w$K8w$Mko$!^
                                                                                                                    • API String ID: 0-3945961551
                                                                                                                    • Opcode ID: 150a38cfcd4c476eaa8760e4eb492cc29a218acfbba94ea380f05633ad927502
                                                                                                                    • Instruction ID: 288f8dc27ca2093924db23b2d34d23cc11783416dfb9d8a5f5b37af77027a4bc
                                                                                                                    • Opcode Fuzzy Hash: 150a38cfcd4c476eaa8760e4eb492cc29a218acfbba94ea380f05633ad927502
                                                                                                                    • Instruction Fuzzy Hash: 52B2F7F36086049FE304AE2DEC8567AFBE9EFD4720F1A893DE6C4C3744E63558058696
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: %*+($&> &$,#15$9.5^$cah`$gce/$qrqp${
                                                                                                                    • API String ID: 0-4102007303
                                                                                                                    • Opcode ID: 8699bda252ec60b6210201624439eb139877cf95938f634786da73914cdfbf52
                                                                                                                    • Instruction ID: 7c3b99e232b32dab757713da740bc2f497ce5be0cd88d84e6f9d1ebf9125c8a7
                                                                                                                    • Opcode Fuzzy Hash: 8699bda252ec60b6210201624439eb139877cf95938f634786da73914cdfbf52
                                                                                                                    • Instruction Fuzzy Hash: 4062CAB5A083858BD330CF14D891BABBBE1FF96314F08492DE49A8B641E7759880DF53
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$@$gfff$gfff$gfff
                                                                                                                    • API String ID: 0-2517803157
                                                                                                                    • Opcode ID: a498a604f4cf5bae7f38ccae331b16188220c6a6a0e9f702de551709631f34ed
                                                                                                                    • Instruction ID: fd29015bbbc06809cf44ddc658ecb9d7491c0a6e96b39eaaf119d3c2e5e9a7bb
                                                                                                                    • Opcode Fuzzy Hash: a498a604f4cf5bae7f38ccae331b16188220c6a6a0e9f702de551709631f34ed
                                                                                                                    • Instruction Fuzzy Hash: 85D213716083498FD718CE28C49037ABBE2AFC5318F189A6DE699E7391D734DD45CB82
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153044628.0000000000F50000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 0xw?$Eq{$HDNL$Mkh$[t3E$r*13$r*13
                                                                                                                    • API String ID: 0-3525301873
                                                                                                                    • Opcode ID: 3f3a9395bdc87627529e16a6becd1553c3f95b3063b62e936416dccf0407ef7b
                                                                                                                    • Instruction ID: 2a722af77b1b7b2dc9a7824074a0c8755381dd1d2663bbef7e7cc6b3733a3aad
                                                                                                                    • Opcode Fuzzy Hash: 3f3a9395bdc87627529e16a6becd1553c3f95b3063b62e936416dccf0407ef7b
                                                                                                                    • Instruction Fuzzy Hash: A2B2F6F360C2009FE304AE2DEC8567ABBE5EFD4720F1A893DE6C4C7744E63598458696
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153044628.0000000000F50000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: "oA$*&{_$+vs;$`|IF$o&;w$x;?I
                                                                                                                    • API String ID: 0-3551963485
                                                                                                                    • Opcode ID: eafd7500b7a17e254d0622cd5ead8d5f441a25e5e6788c6e552aad7058280963
                                                                                                                    • Instruction ID: f17eeefdedbc3c063940e50f81090de5fdc94b3b3886bbf4fb0e247c0162ccd3
                                                                                                                    • Opcode Fuzzy Hash: eafd7500b7a17e254d0622cd5ead8d5f441a25e5e6788c6e552aad7058280963
                                                                                                                    • Instruction Fuzzy Hash: 46A2E5F360C2049FE304AE2DEC8567AFBE9EF94720F16493DEAC487744EA3558058697
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 0$0$0$@$i
                                                                                                                    • API String ID: 0-3124195287
                                                                                                                    • Opcode ID: b38b907964498b4f6e8cee634564c1613c6ddc32cbc38ec862acbbecac7272cd
                                                                                                                    • Instruction ID: 3301524b70168447bf09b21bda525b12761c4ae25552c361c045c0f6e5110f55
                                                                                                                    • Opcode Fuzzy Hash: b38b907964498b4f6e8cee634564c1613c6ddc32cbc38ec862acbbecac7272cd
                                                                                                                    • Instruction Fuzzy Hash: 1F62E47160C3898BC318CF28C49037ABBE1AFD5308F189A5DEAD9A7291D775DD49CB42
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: +$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
                                                                                                                    • API String ID: 0-1123320326
                                                                                                                    • Opcode ID: 7c6ea8ebb88abccff8b911f027370a2a6c26ce2eae47d0e54406a61c26bbe8a0
                                                                                                                    • Instruction ID: 8576e44c0cce4e5e3f9da5c36aaba7f7cac9a31b0da4e9ee6bfae119f5de876f
                                                                                                                    • Opcode Fuzzy Hash: 7c6ea8ebb88abccff8b911f027370a2a6c26ce2eae47d0e54406a61c26bbe8a0
                                                                                                                    • Instruction Fuzzy Hash: 00F1B13160C3858FC719CE28C48426AFBE2AFD9308F18DA6DE6D997352D774D944CB92
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
                                                                                                                    • API String ID: 0-3620105454
                                                                                                                    • Opcode ID: e8c2bc1366b2b3e63873bbac4b0739f23ecd37619a94022b58ebf5ca74c5ad09
                                                                                                                    • Instruction ID: 8cb388bfac2784d8bf930cf98eb50922bcfa3a1670a87265eecd880a7c71b671
                                                                                                                    • Opcode Fuzzy Hash: e8c2bc1366b2b3e63873bbac4b0739f23ecd37619a94022b58ebf5ca74c5ad09
                                                                                                                    • Instruction Fuzzy Hash: 93D1BF3160C7858FC719CE29C48026AFBE2AFD9308F08DA6DE6D997352D334D949CB52
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153044628.0000000000F50000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: N/~k$UK[$W7w$rJ~u
                                                                                                                    • API String ID: 0-1469450778
                                                                                                                    • Opcode ID: 1caa217b718055344a1db4c01c53d5c64ab7da5cffcf48874edab3a503fc8d29
                                                                                                                    • Instruction ID: dc08499acf536faa195a6efd070fdcf39430839b1c54c5b16e347ee3797f2e31
                                                                                                                    • Opcode Fuzzy Hash: 1caa217b718055344a1db4c01c53d5c64ab7da5cffcf48874edab3a503fc8d29
                                                                                                                    • Instruction Fuzzy Hash: F3B206F3A0C6009FE304AE2DEC8567ABBE5EFD4720F1A453DE6C4C7744EA3598058696
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153044628.0000000000F50000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: YRw$v^K$z2_$}:
                                                                                                                    • API String ID: 0-3890545493
                                                                                                                    • Opcode ID: 5d598131b032b625f5d9660242c1bec04677c89526a81a559ea4de2bb7cf3a22
                                                                                                                    • Instruction ID: ffb9ed209fad53d9b92f906de6619691e3305ab093746425b4cd57c39bc0c400
                                                                                                                    • Opcode Fuzzy Hash: 5d598131b032b625f5d9660242c1bec04677c89526a81a559ea4de2bb7cf3a22
                                                                                                                    • Instruction Fuzzy Hash: 45B2F6F3A0C2049FE304AE2DEC8567ABBE5EF94320F1A4A3DE6C5C7744E63558058697
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153044628.0000000000F50000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: /X_$*;=o$iwg)$wv>
                                                                                                                    • API String ID: 0-1359784294
                                                                                                                    • Opcode ID: 757feff75e1decca359987e344a7a31939b10278327ab557d1365d5654cb0cd6
                                                                                                                    • Instruction ID: dc34c0453c8d23efa845f6f3401cbbc558e42198629297c7dc2106d6b1415ff4
                                                                                                                    • Opcode Fuzzy Hash: 757feff75e1decca359987e344a7a31939b10278327ab557d1365d5654cb0cd6
                                                                                                                    • Instruction Fuzzy Hash: 77B2C3F360C2009FE308AE29DC85A7ABBE9EF98720F16493DE6C5C7744E63558418797
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: :$NA_I$m1s3$uvw
                                                                                                                    • API String ID: 0-3973114637
                                                                                                                    • Opcode ID: 47475bf50bb4ac4a735ae3e2113a955b0cc0f1a58602234de13c7e5d99456081
                                                                                                                    • Instruction ID: c44985dd673b85b2f130aa4901e11e8f23143d9fd3add316bc8f6f12888f3b43
                                                                                                                    • Opcode Fuzzy Hash: 47475bf50bb4ac4a735ae3e2113a955b0cc0f1a58602234de13c7e5d99456081
                                                                                                                    • Instruction Fuzzy Hash: EC32BCB590C384DFD300DF28E880B2ABBE1BB9A310F14492CF5D58B292D739D955EB52
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: %*+($;z$p$ss
                                                                                                                    • API String ID: 0-2391135358
                                                                                                                    • Opcode ID: bb8156520c76ef865ac99855ed4c5c56bf6cf5294f2f620bede35851887f32a0
                                                                                                                    • Instruction ID: c45fa66585ad8ff8f74296760a7dae4c151521b2531141aaaf431f06377b1c88
                                                                                                                    • Opcode Fuzzy Hash: bb8156520c76ef865ac99855ed4c5c56bf6cf5294f2f620bede35851887f32a0
                                                                                                                    • Instruction Fuzzy Hash: AD027CB4810B00DFD760EF24D986756BFF5FB02701F50895CE89A9B696E334E418DBA2
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: a|$hu$lc$sj
                                                                                                                    • API String ID: 0-3748788050
                                                                                                                    • Opcode ID: b27973e313f69c371685761aec9d9b59a562049116f85401e2e96cab2fd71a38
                                                                                                                    • Instruction ID: d0d5db78ae890acfe0501fd2d167b22bbe58c39c8624646014ee2f90444c254c
                                                                                                                    • Opcode Fuzzy Hash: b27973e313f69c371685761aec9d9b59a562049116f85401e2e96cab2fd71a38
                                                                                                                    • Instruction Fuzzy Hash: 77A1AE748083418BC720DF58C891A6BF7F0FF96364F588A0CE8D59B291E339D991DB96
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: #'$CV$KV$T>
                                                                                                                    • API String ID: 0-95592268
                                                                                                                    • Opcode ID: 0ffa1cb7722ff2512e29d4a22f640ede415ebcac501a630ba931d167ec85ac95
                                                                                                                    • Instruction ID: 4b143083b055237fbd2709e0a839624dd6fc1e36f76faa3890ddbd7dd78910ec
                                                                                                                    • Opcode Fuzzy Hash: 0ffa1cb7722ff2512e29d4a22f640ede415ebcac501a630ba931d167ec85ac95
                                                                                                                    • Instruction Fuzzy Hash: 028145B4801B459BDB20DFA5D6851AEBFB1FF12300F60560CE486ABA55C334AA55CFE2
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: (g6e$,{*y$4c2a$lk
                                                                                                                    • API String ID: 0-1327526056
                                                                                                                    • Opcode ID: 1534e12b2e4d28fb55773d8dfadad80efd40bb981fcb0f851d7bb2984d77d219
                                                                                                                    • Instruction ID: 5ff1c6cc9f434b027b55712b97b81581500498ce9e9d4b68093309c23d98a8ed
                                                                                                                    • Opcode Fuzzy Hash: 1534e12b2e4d28fb55773d8dfadad80efd40bb981fcb0f851d7bb2984d77d219
                                                                                                                    • Instruction Fuzzy Hash: 454186B4809381CBD7209F24D900BABB7F0FF86305F54995DE9C897260EB36D984DB96
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: %*+($%*+($~/i!
                                                                                                                    • API String ID: 0-4033100838
                                                                                                                    • Opcode ID: 0de4975dfdf81fd2c86496976aa3c031046005b22f27e9c244f89fc5f6cee957
                                                                                                                    • Instruction ID: 484f8d23ce524c4cfb0863963baf62a49581d476ab0cfd36ca8dd62e93fd34ad
                                                                                                                    • Opcode Fuzzy Hash: 0de4975dfdf81fd2c86496976aa3c031046005b22f27e9c244f89fc5f6cee957
                                                                                                                    • Instruction Fuzzy Hash: B1E1B8B5908344DFE3209F24D881B5ABBF5FB96350F48882CE9C887251D735D854DB92
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: )$)$IEND
                                                                                                                    • API String ID: 0-588110143
                                                                                                                    • Opcode ID: a945104ae6d7d12d1c459a823700c1f0883f02e21785519c328029485b405c05
                                                                                                                    • Instruction ID: e57414b94461c43b855579306548dacc6f24b82b5d84bd2577e7ed30b9929f98
                                                                                                                    • Opcode Fuzzy Hash: a945104ae6d7d12d1c459a823700c1f0883f02e21785519c328029485b405c05
                                                                                                                    • Instruction Fuzzy Hash: 1DE1C3B1A0870A9FD310CF28C94176ABBE0FB94314F14592DE699A7381DB75E914CBC2
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153044628.0000000000F50000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: )BC$r_k}
                                                                                                                    • API String ID: 0-1354018383
                                                                                                                    • Opcode ID: fad7fd283b1ea66aa4d3da510b09ed8167ecdcead3cd1b7c0537189398334679
                                                                                                                    • Instruction ID: 18100857690adddacb1834c150a8ba9ae165c3af0d58269668c71ac83c82a7d8
                                                                                                                    • Opcode Fuzzy Hash: fad7fd283b1ea66aa4d3da510b09ed8167ecdcead3cd1b7c0537189398334679
                                                                                                                    • Instruction Fuzzy Hash: C222C2F3A08300AFD304AF69DD8566AFBE9EF94720F16892DE6C4C3744E63598418B57
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: %*+($f
                                                                                                                    • API String ID: 0-2038831151
                                                                                                                    • Opcode ID: e45752814b780385e8f0fcfe3fcd702d6b980ee2eebb15a5afca5603430d6b36
                                                                                                                    • Instruction ID: f361e49117e3c25ceaf37714675e083d776e337689236e25685756b883ea0688
                                                                                                                    • Opcode Fuzzy Hash: e45752814b780385e8f0fcfe3fcd702d6b980ee2eebb15a5afca5603430d6b36
                                                                                                                    • Instruction Fuzzy Hash: 6D128B71A083419FC715DF18C880B2ABBE5FB89324F188A2CF8959B391D735F9459B92
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: dg$hi
                                                                                                                    • API String ID: 0-2859417413
                                                                                                                    • Opcode ID: 81514465e4fb9f9b53970d2ecca98a782b645f589dbb2cf6f6bd90775cffbe34
                                                                                                                    • Instruction ID: 382e668f8ddb5e783ecb7be1564304c8e4051a8cc2a6313af50c01ac8058293d
                                                                                                                    • Opcode Fuzzy Hash: 81514465e4fb9f9b53970d2ecca98a782b645f589dbb2cf6f6bd90775cffbe34
                                                                                                                    • Instruction Fuzzy Hash: 4FF1A575618301EFE704CF24D891B2ABBF5FB86354F94992CF4858B2A1C738D848DB12
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: Inf$NaN
                                                                                                                    • API String ID: 0-3500518849
                                                                                                                    • Opcode ID: cc102714e906ed3c76cde075da30218eada4e746e50ae204eacafb0a184078eb
                                                                                                                    • Instruction ID: c50cdd58a7d8aa9bccba9d77d834041346bf71a35abda17cdd21a0bd24a2c4fc
                                                                                                                    • Opcode Fuzzy Hash: cc102714e906ed3c76cde075da30218eada4e746e50ae204eacafb0a184078eb
                                                                                                                    • Instruction Fuzzy Hash: D6D1F771A083159BC718CF29C88066FB7E1EFC8750F25992DFA99A7390E775DD048B82
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153044628.0000000000F50000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: `*}}
                                                                                                                    • API String ID: 0-2610815251
                                                                                                                    • Opcode ID: 68a4563714ece036b8ffa4a43538a27c55823e3f955c1f64b2588847e9733839
                                                                                                                    • Instruction ID: a7f78a13ff137ae506545cf10b99f06e033035ecf27d5601d4443fdcbe81f847
                                                                                                                    • Opcode Fuzzy Hash: 68a4563714ece036b8ffa4a43538a27c55823e3f955c1f64b2588847e9733839
                                                                                                                    • Instruction Fuzzy Hash: CEB2E7F390C2049FE314AE2DDC8567AFBE9EF94720F1A493DEAC5C3744EA3558018696
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: BaBc$Ye[g
                                                                                                                    • API String ID: 0-286865133
                                                                                                                    • Opcode ID: 54de24b616329983ec4b8e3085bed0adafda9826f3e02729fe09a6e27b69070b
                                                                                                                    • Instruction ID: 66a15b7baa3703dd4f0a75175001a8ee35a5b74e4639d4cf69799aa079a12f82
                                                                                                                    • Opcode Fuzzy Hash: 54de24b616329983ec4b8e3085bed0adafda9826f3e02729fe09a6e27b69070b
                                                                                                                    • Instruction Fuzzy Hash: E651BEB1A083858BD331CF14C881BABB7E0FF96360F18491DE49A9B651E7B499C0DB57
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2152998064.0000000000EF0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.0000000000F50000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000010CB000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011B1000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011DF000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011E7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011F5000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153283582.00000000011F6000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153386642.0000000001393000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153414972.0000000001394000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: %1.17g
                                                                                                                    • API String ID: 0-1551345525
                                                                                                                    • Opcode ID: d2ebb4a126277c10e7a1c31ecbc915388690bd34173225b85ad2464f5a65df4c
                                                                                                                    • Instruction ID: 7ac013eaa357eb0b2f5a795a3ffbbeffe86db1a02f7f9ea9e5637213c1546b6f
                                                                                                                    • Opcode Fuzzy Hash: d2ebb4a126277c10e7a1c31ecbc915388690bd34173225b85ad2464f5a65df4c
                                                                                                                    • Instruction Fuzzy Hash: 5822D4B3608B4A8BE7158E18D840336BBE2AFF1348F19956EDB59AB391E771DC04C741
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: "
                                                                                                                    • API String ID: 0-123907689
                                                                                                                    • Opcode ID: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
                                                                                                                    • Instruction ID: e000a2119f1630aa3827ac06e96a18e72f7fc63876726e0a7e31f6a202487c5a
                                                                                                                    • Opcode Fuzzy Hash: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
                                                                                                                    • Instruction Fuzzy Hash: 83F15671A083614BC724CE24D490B6BBBE6BFE5320F1C856DE88A87382D634DD05E796
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: %*+(
                                                                                                                    • API String ID: 0-3233224373
                                                                                                                    • Opcode ID: cac2ebf11f14ccf31c1c41bee701a9f6f8c9cd6691904dadaaff29bc633980ee
                                                                                                                    • Instruction ID: 12801889109d2fdb9865c373132c6253ecc87fa3a9af75b30af997f5cfd91598
                                                                                                                    • Opcode Fuzzy Hash: cac2ebf11f14ccf31c1c41bee701a9f6f8c9cd6691904dadaaff29bc633980ee
                                                                                                                    • Instruction Fuzzy Hash: 6DE1BD75508306DBC324DF28C4905AEB7F2FFA9791F54891CE8D587220E335E999EB82
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: %*+(
                                                                                                                    • API String ID: 0-3233224373
                                                                                                                    • Opcode ID: 8839a4ff41a258e8a342bed2224ab2cda5c605c218a2ff0339c0ecfe5d894584
                                                                                                                    • Instruction ID: 2cf4f068b5f8060a8b4725a77ed36e2c4ba0bb28c6d61ad4a8b7be329f17c260
                                                                                                                    • Opcode Fuzzy Hash: 8839a4ff41a258e8a342bed2224ab2cda5c605c218a2ff0339c0ecfe5d894584
                                                                                                                    • Instruction Fuzzy Hash: 78F1ADB5A00B05CFD7249F24D881A26B3F2FF48325B14892DE597C7A91EB34F925EB41
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: %*+(
                                                                                                                    • API String ID: 0-3233224373
                                                                                                                    • Opcode ID: c4cdda0f6d05cb8f76ce22b0a1e8ba4364613a338c84237fabf8a064e68dd154
                                                                                                                    • Instruction ID: aad3c429cfd257d0ad91277f3f2184de35a7fe4c929e13329e3610d06b7ef698
                                                                                                                    • Opcode Fuzzy Hash: c4cdda0f6d05cb8f76ce22b0a1e8ba4364613a338c84237fabf8a064e68dd154
                                                                                                                    • Instruction Fuzzy Hash: B0C1E272908300ABD710EB14C941A6BB7F5EF967A4F18481CF8C597251E735DC92EBA2
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: %*+(
                                                                                                                    • API String ID: 0-3233224373
                                                                                                                    • Opcode ID: 79dc0c7b63d244c4e560b0ab67fcdf55b70bb519ca5a200ee9f3f494c475ad65
                                                                                                                    • Instruction ID: 5d008993c4577c011effc4c8a02ca6fe96ab9778a3c013ba4bc7f0428cd693df
                                                                                                                    • Opcode Fuzzy Hash: 79dc0c7b63d244c4e560b0ab67fcdf55b70bb519ca5a200ee9f3f494c475ad65
                                                                                                                    • Instruction Fuzzy Hash: 17D1DC34A18306DFD704DF68DC90A6AB7F5FF9A310F09886CE98287291DB34E845EB51
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: P
                                                                                                                    • API String ID: 0-3110715001
                                                                                                                    • Opcode ID: 1a48d8f3ca2e333636bd2270efbbf3910027b9d351f88809e019c0a36c902958
                                                                                                                    • Instruction ID: cab50eeffd970318fce0b3547b5bfb318af96c4bc565c0a3c5dbbd82f9e67668
                                                                                                                    • Opcode Fuzzy Hash: 1a48d8f3ca2e333636bd2270efbbf3910027b9d351f88809e019c0a36c902958
                                                                                                                    • Instruction Fuzzy Hash: 57D1E3729083658FC725CE18D89071EB6E1EB85768F19862CF8B5AB381CB75DC06E7C1
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID: %*+(
                                                                                                                    • API String ID: 2994545307-3233224373
                                                                                                                    • Opcode ID: 7ccc5d6f04f1d38998872eb3565837bb3dc6c262dcf561eb425995b2f4d65f0c
                                                                                                                    • Instruction ID: 4a0b996e4037615f9952ba93f0a8aba0a33aee774571ed419ff357085f69e7af
                                                                                                                    • Opcode Fuzzy Hash: 7ccc5d6f04f1d38998872eb3565837bb3dc6c262dcf561eb425995b2f4d65f0c
                                                                                                                    • Instruction Fuzzy Hash: 61B10071A483059BD714EF14D880B6BBBF2EF95350F14482CE5C58B352E335E895EBA2
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153044628.0000000000F50000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: U;
                                                                                                                    • API String ID: 0-523650671
                                                                                                                    • Opcode ID: 5e55ac5a1e554c60e6b9dd86080add6e18a90200570cddf889c9f17acc9282d1
                                                                                                                    • Instruction ID: cabea99d0dc3a8b71a234785e25eaaba1f9088ac371e902b1048b8a4a48540ca
                                                                                                                    • Opcode Fuzzy Hash: 5e55ac5a1e554c60e6b9dd86080add6e18a90200570cddf889c9f17acc9282d1
                                                                                                                    • Instruction Fuzzy Hash: 807169F7E082149BF3086E29EC84776BBCAD7D4320F2B863DD689877C4E9795C064295
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: ,
                                                                                                                    • API String ID: 0-3772416878
                                                                                                                    • Opcode ID: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
                                                                                                                    • Instruction ID: 92aba9b457573dca3ad9995fdec41dcab59221f4d3b40f01407d310f8d6cfb74
                                                                                                                    • Opcode Fuzzy Hash: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
                                                                                                                    • Instruction Fuzzy Hash: 90B129711083859FD324CF58C88062BBBE1AFA9704F488E2DF5D99B342D671EA18CB57
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: %*+(
                                                                                                                    • API String ID: 0-3233224373
                                                                                                                    • Opcode ID: 2cd21a50599bd094b2752f0dfa931086f48f43fb4c6034820fbee258c91b2c36
                                                                                                                    • Instruction ID: 8af0b2800b15a5fe4144b060d5d21af1d25dc2da4186936598dc52dc6f651ca4
                                                                                                                    • Opcode Fuzzy Hash: 2cd21a50599bd094b2752f0dfa931086f48f43fb4c6034820fbee258c91b2c36
                                                                                                                    • Instruction Fuzzy Hash: AC81DF75628304ABD710EF54EC80B2AB7F5FB9AB11F84483CF98487252D734D918EB62
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: %*+(
                                                                                                                    • API String ID: 0-3233224373
                                                                                                                    • Opcode ID: abb5a5a8857039a251276a2210ea2cde2a9293943283e70647d54c05e18a04f4
                                                                                                                    • Instruction ID: 95e5b1abb2d12c371706d59c0c0aec9fd72e586898609ead9be3d3192e021ba4
                                                                                                                    • Opcode Fuzzy Hash: abb5a5a8857039a251276a2210ea2cde2a9293943283e70647d54c05e18a04f4
                                                                                                                    • Instruction Fuzzy Hash: 7961E176908208DBD710EF58DC42A3AB3B1FF95364F180928FD869B391E775E910E792
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: %*+(
                                                                                                                    • API String ID: 0-3233224373
                                                                                                                    • Opcode ID: b21cea2e4ef8da48ea46582364432d4d54c526f9cb97e3a4f77c5bbdcc36c35a
                                                                                                                    • Instruction ID: 205ba01cb48d224b1f24d1a8c659aa42063e1a3a51a41f700288929d3de234e6
                                                                                                                    • Opcode Fuzzy Hash: b21cea2e4ef8da48ea46582364432d4d54c526f9cb97e3a4f77c5bbdcc36c35a
                                                                                                                    • Instruction Fuzzy Hash: 3E61DD75A083459BDB10DF25D880B2AFBE6EBC5770F18892CE985872A1D735FC40EB52
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153044628.0000000000F50000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: itn
                                                                                                                    • API String ID: 0-2365587828
                                                                                                                    • Opcode ID: b5d002fba492bac3629faaa0aa16461792d4160a33e35d59e8ef3cbe260e3c24
                                                                                                                    • Instruction ID: 627c919d6bcbfd7bfe27e47d6bc72944e091474025fb566ed45c70105665685d
                                                                                                                    • Opcode Fuzzy Hash: b5d002fba492bac3629faaa0aa16461792d4160a33e35d59e8ef3cbe260e3c24
                                                                                                                    • Instruction Fuzzy Hash: 15512BF3A086105BF30C9E6CEC9577AB7D6DB94320F16463DEAC9C77C4E53958048296
                                                                                                                    Strings
                                                                                                                    • 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081, xrefs: 00EFE333
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
                                                                                                                    • API String ID: 0-2471034898
                                                                                                                    • Opcode ID: 7a39a85215e8861ffb9a9665fce68074a69efd2bd29f54011a97fa101ae0daad
                                                                                                                    • Instruction ID: 32a682c702d9e1fdfe86e691f83839e9103683fe2513ac25bad3d39584aafb66
                                                                                                                    • Opcode Fuzzy Hash: 7a39a85215e8861ffb9a9665fce68074a69efd2bd29f54011a97fa101ae0daad
                                                                                                                    • Instruction Fuzzy Hash: 99514833A1A6944BD328893C5C553B97AC70BD2334B3DD76AEAF5EB3F0E55549009380
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2152998064.0000000000EF0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.0000000000F50000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000010CB000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011B1000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011DF000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011E7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011F5000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153283582.00000000011F6000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153386642.0000000001393000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153414972.0000000001394000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: %*+(
                                                                                                                    • API String ID: 0-3233224373
                                                                                                                    • Opcode ID: 67602f4c77f6aa7f2105c7368e666e171aa861698f19b910184d258f8ff9ecb6
                                                                                                                    • Instruction ID: 48a1e85cc31067c33565f8fa7c1b224596437d875255bf6860d36f8a630e5ea2
                                                                                                                    • Opcode Fuzzy Hash: 67602f4c77f6aa7f2105c7368e666e171aa861698f19b910184d258f8ff9ecb6
                                                                                                                    • Instruction Fuzzy Hash: 46519078A09244DBCB24DF19D880B2EBBE6FF85764F14882CE4C687251D379DD10EB62
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153044628.0000000000F50000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2152998064.0000000000EF0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000010CB000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011B1000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011DF000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011E7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011F5000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153283582.00000000011F6000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153386642.0000000001393000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153414972.0000000001394000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: F{<
                                                                                                                    • API String ID: 0-1950848788
                                                                                                                    • Opcode ID: 91012e2bfb609757e518c9015bfc29d413230722addcd5e53a0b6c5e576f4157
                                                                                                                    • Instruction ID: debb44ad45a6e065051fff94a8a7a28b4ccea5736e2ce8ec649d70549aa4896a
                                                                                                                    • Opcode Fuzzy Hash: 91012e2bfb609757e518c9015bfc29d413230722addcd5e53a0b6c5e576f4157
                                                                                                                    • Instruction Fuzzy Hash: 7F415BF3E152204BF3481939DC9876676DAEB90321F3B823D9B98A37C8E8381D0542C5
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2152998064.0000000000EF0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.0000000000F50000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000010CB000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011B1000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011DF000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011E7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011F5000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153283582.00000000011F6000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153386642.0000000001393000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153414972.0000000001394000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: L3
                                                                                                                    • API String ID: 0-2730849248
                                                                                                                    • Opcode ID: e6a50dab5ccc8faaadcd80e98cd0b567450b2b52e1c355903cf63c179201a981
                                                                                                                    • Instruction ID: 698e5c82c139339fc86ee760e10894b611a7bcd420135f2d619d2069bba4bb40
                                                                                                                    • Opcode Fuzzy Hash: e6a50dab5ccc8faaadcd80e98cd0b567450b2b52e1c355903cf63c179201a981
                                                                                                                    • Instruction Fuzzy Hash: 0D4173B84083849BD7149F24C894A6FBBF0FF86724F04890CF9C59B290D736D905EB66
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2152998064.0000000000EF0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.0000000000F50000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000010CB000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011B1000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011DF000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011E7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011F5000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153283582.00000000011F6000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153386642.0000000001393000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153414972.0000000001394000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: %*+(
                                                                                                                    • API String ID: 0-3233224373
                                                                                                                    • Opcode ID: 47978ad7c8a53fd29cd7392d1c0828a49e41675bf174b53655a8299c74737341
                                                                                                                    • Instruction ID: bdc9eea9b6f15660a52361f8ce8a9b57caaf0e8ee40bda2eccb451993664e289
                                                                                                                    • Opcode Fuzzy Hash: 47978ad7c8a53fd29cd7392d1c0828a49e41675bf174b53655a8299c74737341
                                                                                                                    • Instruction Fuzzy Hash: 323124F1A08305ABD614EA14DC91F2BB7E8EB81764F144829F88597252E731EC14E7A3
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2152998064.0000000000EF0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.0000000000F50000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000010CB000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011B1000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011DF000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011E7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011F5000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153283582.00000000011F6000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153386642.0000000001393000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153414972.0000000001394000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 72?1
                                                                                                                    • API String ID: 0-1649870076
                                                                                                                    • Opcode ID: f686b3a21bfe138a005bb785e2cbcfc6a48160b83c271e593c9b0408906e4e08
                                                                                                                    • Instruction ID: 80c3e2363257c2c96aa00a43745b51f0cb4ae1a1dec54ed2fd81fc200941fdc1
                                                                                                                    • Opcode Fuzzy Hash: f686b3a21bfe138a005bb785e2cbcfc6a48160b83c271e593c9b0408906e4e08
                                                                                                                    • Instruction Fuzzy Hash: A031E9B5D00209CFEB20CF94E9905BFB7B5FB1A354F640818D946A7341D335A944DBA1
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2152998064.0000000000EF0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.0000000000F50000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000010CB000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011B1000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011DF000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011E7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011F5000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153283582.00000000011F6000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153386642.0000000001393000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153414972.0000000001394000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: %*+(
                                                                                                                    • API String ID: 0-3233224373
                                                                                                                    • Opcode ID: 923dc8f105fa63411ed430460095ced58f02d23507d6595e718cf063000a92aa
                                                                                                                    • Instruction ID: 941aa753f4d909ae346f7e13d4e2db1d742ea81cce72f4f2988cf0a14f389220
                                                                                                                    • Opcode Fuzzy Hash: 923dc8f105fa63411ed430460095ced58f02d23507d6595e718cf063000a92aa
                                                                                                                    • Instruction Fuzzy Hash: EF418B75A04B08DBD7349F21C990F27BBF2FB49711F14895CE9868B6A1E331F800AB10
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2152998064.0000000000EF0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.0000000000F50000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000010CB000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011B1000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011DF000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011E7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011F5000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153283582.00000000011F6000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153386642.0000000001393000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153414972.0000000001394000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 72?1
                                                                                                                    • API String ID: 0-1649870076
                                                                                                                    • Opcode ID: 3231547b35c61d189ba9775b81c737a56b678421138bdb1c385da3e125d45387
                                                                                                                    • Instruction ID: 43785cccfc4ef579d2718a62d10eadc721fc74ac4945f72dbe447bf04243d903
                                                                                                                    • Opcode Fuzzy Hash: 3231547b35c61d189ba9775b81c737a56b678421138bdb1c385da3e125d45387
                                                                                                                    • Instruction Fuzzy Hash: 8521B5B5900609CFEB20CF95D9905BFBBF5BB1A744F64081CD846AB341C335AD85EBA1
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID: @
                                                                                                                    • API String ID: 2994545307-2766056989
                                                                                                                    • Opcode ID: 04fa9fe4dda1513324205cb8294debc838c311b568586e449da5dace7d130b4c
                                                                                                                    • Instruction ID: f136167bd02ddcc97e6ff43aeb79956874984b1c9433a48881e79e4be572c969
                                                                                                                    • Opcode Fuzzy Hash: 04fa9fe4dda1513324205cb8294debc838c311b568586e449da5dace7d130b4c
                                                                                                                    • Instruction Fuzzy Hash: B531637490C3049BD310EF19D880A2AFBF9EF9A324F14892CE6C897251D3B5D904DBA6
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: c24a3fea0e0b9540dc8e770a7127590af500511e3d0f35b945591930cdf3895b
                                                                                                                    • Instruction ID: f56c7b4a6cbe44129ee6e4f20d1063144ebd69a07c7d90dd831e9ad258ffbb7c
                                                                                                                    • Opcode Fuzzy Hash: c24a3fea0e0b9540dc8e770a7127590af500511e3d0f35b945591930cdf3895b
                                                                                                                    • Instruction Fuzzy Hash: B1625BB0900B008FD725CF24D994B27B7F6AF45714F54892CD49B8BA92E775F808EBA1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
                                                                                                                    • Instruction ID: af8140460ea8ec4d3067ed625193b2ecb65f4272b73df51ab0fd2b566d8e0239
                                                                                                                    • Opcode Fuzzy Hash: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
                                                                                                                    • Instruction Fuzzy Hash: CC521A31A0871D8BC7259F18D5402BAF3E1FFC5319F395A2DDAD6A3290E734A851CB86
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: f3e9893168a8d147eb19c6f2f09294700ae887e06422914273a96e89884a1010
                                                                                                                    • Instruction ID: 27bf239237ede6922724cbe02ae43f630cf096a00913e8592c3ed17e60d8db8c
                                                                                                                    • Opcode Fuzzy Hash: f3e9893168a8d147eb19c6f2f09294700ae887e06422914273a96e89884a1010
                                                                                                                    • Instruction Fuzzy Hash: 8C22DB3960C344CFC704DF68E89062ABBE1FF9A325F09886DE98997351C775E950EB42
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 496886c13f544510cafceb6971feb74dd33fe541607402cf559a3a018b889865
                                                                                                                    • Instruction ID: 6830d3818e340f08287427591efa2e3c815b42962e8cfe4d2d06acd13f0196b1
                                                                                                                    • Opcode Fuzzy Hash: 496886c13f544510cafceb6971feb74dd33fe541607402cf559a3a018b889865
                                                                                                                    • Instruction Fuzzy Hash: B922BA3960C344DFC704DF68E89062ABBE1FB9A315F09896DE8C997361C375E950EB42
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 74a8d8ac49b255d3370d3263675aa5a6e07528734c74a0880d61c29ca31a8a50
                                                                                                                    • Instruction ID: 090bcb4845d1921209e2ce666f58e006db5c99f0a3c818651f6b2b9cce088895
                                                                                                                    • Opcode Fuzzy Hash: 74a8d8ac49b255d3370d3263675aa5a6e07528734c74a0880d61c29ca31a8a50
                                                                                                                    • Instruction Fuzzy Hash: FB52B570908B8C8FE735CB24C4843B7BBE2EB91318F146D2EC6D616AC6D779A885C751
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2152998064.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000010CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011DF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011E7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153283582.00000000011F6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153386642.0000000001393000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153414972.0000000001394000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 828664035aa945bb083aea57e6242ec0e638556194dcd0f3c91c68ad40c34299
                                                                                                                    • Instruction ID: c68ee51e9bf8f66b9ffc1a80603a3330368c049d50fc0b9493f8c7100d5a3c6b
                                                                                                                    • Opcode Fuzzy Hash: 828664035aa945bb083aea57e6242ec0e638556194dcd0f3c91c68ad40c34299
                                                                                                                    • Instruction Fuzzy Hash: 28426879608305DFE704CF28E8507AABBE2BF88325F09886DE5858B3A1D735D945DF42
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2152998064.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000010CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011DF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011E7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153283582.00000000011F6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153386642.0000000001393000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153414972.0000000001394000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: c49bee6629e7149e735773c3b12ddda2f089aaea095d64c5239bbaf094fc3669
                                                                                                                    • Instruction ID: 2d3f68dcc6bb51dd54db6eafcf1588e18b998fd081c461271e42c9d9ce30f32f
                                                                                                                    • Opcode Fuzzy Hash: c49bee6629e7149e735773c3b12ddda2f089aaea095d64c5239bbaf094fc3669
                                                                                                                    • Instruction Fuzzy Hash: C4323370615B188FC328CF29C69056ABBF1FF45700BA06A2ED6A797B90D736F845CB10
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2152998064.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000010CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011DF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011E7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153283582.00000000011F6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153386642.0000000001393000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153414972.0000000001394000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 96b445f94269e41e5dc1717d15b7da0d83b050543c6a0542726a37921dd3b356
                                                                                                                    • Instruction ID: 8df4168093b1df7e7667a4d36f086e0d9762d62da7b9c5882f9c4a4a6f3dc353
                                                                                                                    • Opcode Fuzzy Hash: 96b445f94269e41e5dc1717d15b7da0d83b050543c6a0542726a37921dd3b356
                                                                                                                    • Instruction Fuzzy Hash: 7602AA3960C344DFC704DF68E88062AFBE1EB9A315F09896DE8C597361C375E910EB92
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2152998064.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000010CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011DF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011E7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153283582.00000000011F6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153386642.0000000001393000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153414972.0000000001394000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 2d501cb9e693af74a393927fe1ad9544785d6ed7310332bf817adbee02cff946
                                                                                                                    • Instruction ID: be1234fd97f26f87186aa5536bab4e91276b0dd96722477d6f08f5e4251d6e8e
                                                                                                                    • Opcode Fuzzy Hash: 2d501cb9e693af74a393927fe1ad9544785d6ed7310332bf817adbee02cff946
                                                                                                                    • Instruction Fuzzy Hash: D2F19A3560C344DFC704DF28E88062AFBE1EB9A315F09896DE8C597351D376E910EB92
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2152998064.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000010CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011DF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011E7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153283582.00000000011F6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153386642.0000000001393000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153414972.0000000001394000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 1ac3b12f77c244f8531f0cd30384647537e758028435cd56e796f29e2a563c7e
                                                                                                                    • Instruction ID: 5b6375d4d76370229cffa3d7bfc8bb0e607ba6de68ffe8210d2ae700b1cf3437
                                                                                                                    • Opcode Fuzzy Hash: 1ac3b12f77c244f8531f0cd30384647537e758028435cd56e796f29e2a563c7e
                                                                                                                    • Instruction Fuzzy Hash: 2CE1AC3560C344CFC704DF28E88062AF7E1EB9A325F09896CE9D997351D776E910DB92
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2152998064.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000010CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011DF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011E7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153283582.00000000011F6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153386642.0000000001393000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153414972.0000000001394000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
                                                                                                                    • Instruction ID: 01c424eca7b404febfacf9bb8a4dd27a155579eb83b88f92e74e9cb01edd73e5
                                                                                                                    • Opcode Fuzzy Hash: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
                                                                                                                    • Instruction Fuzzy Hash: B7F1DE752087458FC724CF29C88066BFBE2EFD8304F08982DE5C98B751E679E945CB52
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2152998064.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000010CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011DF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011E7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153283582.00000000011F6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153386642.0000000001393000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153414972.0000000001394000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: acaf938d132c9e29eb35c1fb055c360eb6d3f121e934299885b05ebc4e9d904c
                                                                                                                    • Instruction ID: 239c45bf325727e79304c2dee2bd056b7d98e04d5ba6d8eb66db0dc9177b5a8e
                                                                                                                    • Opcode Fuzzy Hash: acaf938d132c9e29eb35c1fb055c360eb6d3f121e934299885b05ebc4e9d904c
                                                                                                                    • Instruction Fuzzy Hash: C2D1AB3460C280DFD304EF28E88062AFBE5EB9A715F09896CE4C597251D776E910EB92
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2152998064.0000000000EF0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.0000000000F50000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000010CB000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011B1000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011DF000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011E7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011F5000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153283582.00000000011F6000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153386642.0000000001393000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153414972.0000000001394000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: d890ef38652586246dff0b965c0ddcde7d8e6702a09a2c1325541156ef2bee27
                                                                                                                    • Instruction ID: f60ad68110e9dee97d62d37851bc311d92fd2246a3f5c0f5deeb23619247ffa1
                                                                                                                    • Opcode Fuzzy Hash: d890ef38652586246dff0b965c0ddcde7d8e6702a09a2c1325541156ef2bee27
                                                                                                                    • Instruction Fuzzy Hash: 27E100B5A01B008FD325CF28D992B97B7E1FF46704F04886CE5AAC7792E735B8149B54
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: db7a1dc77b0c60c7d7b286b34e576936a67101a174891c844ee100c92d5c23f7
                                                                                                                    • Instruction ID: 0fbd6f3b4cb4e2d5d55cce2b29513fe298946c12107e34842245c15f38fab26d
                                                                                                                    • Opcode Fuzzy Hash: db7a1dc77b0c60c7d7b286b34e576936a67101a174891c844ee100c92d5c23f7
                                                                                                                    • Instruction Fuzzy Hash: 90D1E33A618359CFCB14CF38D8C052ABBE1AB9A314F098A7CE995C7391D334DA44DB91
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 9a4a41f6719cd9a7361ba2f9a617a1140a180bd80830f988d905a0c55992a6a8
                                                                                                                    • Instruction ID: 889ae8609afc594d912a74ce976f070f051b8548fd3adb6f8e3e4be1e377395a
                                                                                                                    • Opcode Fuzzy Hash: 9a4a41f6719cd9a7361ba2f9a617a1140a180bd80830f988d905a0c55992a6a8
                                                                                                                    • Instruction Fuzzy Hash: 57B104B2A0C3548BE724EA28CC4176FB7E5AFC5324F18492CE99997391E735EC049792
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
                                                                                                                    • Instruction ID: daf194871c2f551429a4c9bae18d7e2748d130c5470c7d3a58bdcdbf60057d37
                                                                                                                    • Opcode Fuzzy Hash: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
                                                                                                                    • Instruction Fuzzy Hash: 4CC18DB2A487458FC360CF28CC967ABB7E1FF85318F08492DD2D9D6242E778A155CB06
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: e7703d4fc4b2a07020acf9ea2f5d42e328626f22a2738bc76a6dd96311c5ec03
                                                                                                                    • Instruction ID: ffa5d25c9f106c2fc91510951eae97fa8188d932871bf04bce99aec117896740
                                                                                                                    • Opcode Fuzzy Hash: e7703d4fc4b2a07020acf9ea2f5d42e328626f22a2738bc76a6dd96311c5ec03
                                                                                                                    • Instruction Fuzzy Hash: 62B101B4600B408FD321CF24C981B27BBF1AF46704F14885CE8AA9BB92E735F815DB55
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InitializeThunk
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2994545307-0
                                                                                                                    • Opcode ID: b2f02297ec87f657cb3f8f853cdc5b671aeb446bf3f54b673a6649b9e1336616
                                                                                                                    • Instruction ID: 658e8471f4618f2fc86598404f4c55b4de6aac3837047d17b496ece6f06f7d82
                                                                                                                    • Opcode Fuzzy Hash: b2f02297ec87f657cb3f8f853cdc5b671aeb446bf3f54b673a6649b9e1336616
                                                                                                                    • Instruction Fuzzy Hash: D09180B5A0C305ABE720EB14CC40B6FBBE5EB85360F54491CF98497352E734E940EB92
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 726cfc8007a3960fb56262dc30859ffca8fef44292d24afce1217b7ae8f47090
                                                                                                                    • Instruction ID: a3f4ecfe35f63393089dcf49752a2a508e99ba2b800ab0aec697d8ac8d1f8051
                                                                                                                    • Opcode Fuzzy Hash: 726cfc8007a3960fb56262dc30859ffca8fef44292d24afce1217b7ae8f47090
                                                                                                                    • Instruction Fuzzy Hash: B1818E346087058BD724EF2AC880A2FB7E5EF99760F45896CE9C5C7251E736EC10DB92
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: f4078511fe47d792b77dec99dec29e70f9a8b948f5e679baf58971994221d45f
                                                                                                                    • Instruction ID: 94ba9b11688fa98a536d986b68f7474ace0a3d374cdee757d405ea055780e779
                                                                                                                    • Opcode Fuzzy Hash: f4078511fe47d792b77dec99dec29e70f9a8b948f5e679baf58971994221d45f
                                                                                                                    • Instruction Fuzzy Hash: E271D433B29AA04BC3148D7C6C92395BA434BD6334F3D8379A9B4DF3E5D6294C066381
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153044628.0000000000F50000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: ea98813352c01fa1558b84a20fc79aeea845414d1bd9814d672e4fbf0fe57850
                                                                                                                    • Instruction ID: bea7d9dd3b6ecb3cb06eaa8df2d625f2cfbbe2ac91803781486f903b853314b7
                                                                                                                    • Opcode Fuzzy Hash: ea98813352c01fa1558b84a20fc79aeea845414d1bd9814d672e4fbf0fe57850
                                                                                                                    • Instruction Fuzzy Hash: 8051B0F3E182109BF7086E28DC457BABBE5EB94310F1B453CDBC893780DA7958448796
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2152998064.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000010CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011DF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011E7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153283582.00000000011F6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153386642.0000000001393000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153414972.0000000001394000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
                                                                                                                    • Instruction ID: 139393d911bcb6e0d7c786ab544e77771f8658a1f706fc4ab99a2280142a2ea6
                                                                                                                    • Opcode Fuzzy Hash: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
                                                                                                                    • Instruction Fuzzy Hash: 5C515CB1A087548FE314DF69D89435BBBE1BB85318F144E2DE4E987350E379DA088F82
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153044628.0000000000F50000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2152998064.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000010CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011DF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011E7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153283582.00000000011F6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153386642.0000000001393000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153414972.0000000001394000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 163b53a4122a5509bdd13292f175d7f1565f1501eb813d262757aa1302e04c22
                                                                                                                    • Instruction ID: db2540ddd84fc608a277d3788791009287f1f8c70a143e96a20ba086d5d3280e
                                                                                                                    • Opcode Fuzzy Hash: 163b53a4122a5509bdd13292f175d7f1565f1501eb813d262757aa1302e04c22
                                                                                                                    • Instruction Fuzzy Hash: 63516EF3E082005FF304592DDC957A7B796DBD0330F1A863EEA98D3784E97999058296
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2152998064.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000010CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011DF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011E7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153283582.00000000011F6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153386642.0000000001393000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153414972.0000000001394000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 97866d2d9dfb64723925daecfd6fa0a74066dad830af1b85a51427c9855f6826
                                                                                                                    • Instruction ID: c85383399e326dc0d7a09fde2a88a34c82a2ff413df3cb3070f4f257aaf9d3de
                                                                                                                    • Opcode Fuzzy Hash: 97866d2d9dfb64723925daecfd6fa0a74066dad830af1b85a51427c9855f6826
                                                                                                                    • Instruction Fuzzy Hash: DD51057560C304ABC724AE18CC91B2EB7E6FB85774F288A2CF8D597391D635EC10A791
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153044628.0000000000F50000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2152998064.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000010CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011DF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011E7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153283582.00000000011F6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153386642.0000000001393000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153414972.0000000001394000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 12f4abba3c28ba6f1f16800d0a0ffbc95e9710d41e6d649e421d1aab99ecdb05
                                                                                                                    • Instruction ID: b70198233bef4de9a67376c3a42959192ac29a1e50dce40bacd75c3b868d0a6a
                                                                                                                    • Opcode Fuzzy Hash: 12f4abba3c28ba6f1f16800d0a0ffbc95e9710d41e6d649e421d1aab99ecdb05
                                                                                                                    • Instruction Fuzzy Hash: FA513AF3E082158BE310BE2DEC8573BB6D9AB94310F1B453DDAC8D3344E97999168686
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153044628.0000000000F50000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2152998064.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000010CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011DF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011E7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153283582.00000000011F6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153386642.0000000001393000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153414972.0000000001394000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: bc6931d6653373d9054623068fae9f977253b8a4da6430255b281eb57d84950d
                                                                                                                    • Instruction ID: 802e1921d57d065d1fafe53ceadd81ed9bd99ade8d8439f89068ac0bd327b155
                                                                                                                    • Opcode Fuzzy Hash: bc6931d6653373d9054623068fae9f977253b8a4da6430255b281eb57d84950d
                                                                                                                    • Instruction Fuzzy Hash: 2E515FF2908210AFE3146E18EC8577EFBE5EF94321F06493DD7D593680EA3959508B87
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153044628.0000000000F50000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2152998064.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000010CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011DF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011E7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153283582.00000000011F6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153386642.0000000001393000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153414972.0000000001394000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 25fd21e8ad21a53627e0041910d3f8a5ba9968a7efac0f9dfdce4f3dd93adea5
                                                                                                                    • Instruction ID: b1732affd94a190b30a9bf1bfe88c3f6bdfbc6abd4b163195edb5e834bb61b9b
                                                                                                                    • Opcode Fuzzy Hash: 25fd21e8ad21a53627e0041910d3f8a5ba9968a7efac0f9dfdce4f3dd93adea5
                                                                                                                    • Instruction Fuzzy Hash: 955124B3F541204BF350593DDC493A6BAC6EBC4320F2B86399E98D77C4D97D890A82C6
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2152998064.0000000000EF0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.0000000000F50000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000010CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Memory Dump Source
• Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
• Associated: 00000000.00000002.2152998064.0000000000EF0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2153044628.0000000000F50000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2153044628.00000000010CB000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2153044628.00000000011B1000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2153044628.00000000011DF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2153044628.00000000011E7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2153044628.00000000011F5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2153283582.00000000011F6000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2153386642.0000000001393000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2153414972.0000000001394000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 5c1cdb29ba242489fcef4cffbd5046db24971a1243c051c362b318a977b73c60
                                                                                                                    • Instruction ID: 1cbbfac01a9eb734e8083998590fa5a11d7fd46121b103398c12a0b8fe892693
                                                                                                                    • Opcode Fuzzy Hash: 5c1cdb29ba242489fcef4cffbd5046db24971a1243c051c362b318a977b73c60
                                                                                                                    • Instruction Fuzzy Hash: 4611ECB0408380AFD3109F618984A2FFBF5EBA6714F148C0DF6A49B251C379E859DF56
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: d0411a348240778326c6b9651c20663421511e66a1e3d407212bbec4e9c00f2b
                                                                                                                    • Instruction ID: 44aa0585dc43c45a2dfee24732de62adf5bf1918d68a771337d129ce315534f0
                                                                                                                    • Opcode Fuzzy Hash: d0411a348240778326c6b9651c20663421511e66a1e3d407212bbec4e9c00f2b
                                                                                                                    • Instruction Fuzzy Hash: 83F0B43B71921E1BA620CDABA88483BB396D7D9369B146539EB41E3201DD72E8069190
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
                                                                                                                    • Instruction ID: 6506d07c58c905065930edc77b6421f51c28c54387ea28b09faa2761b04cb969
                                                                                                                    • Opcode Fuzzy Hash: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
                                                                                                                    • Instruction Fuzzy Hash: 1E0162B3A199610B8348CE3DDC1156BBAD15BD5770F19872DBEF5CB3E0D230C8118695
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
                                                                                                                    • Instruction ID: afd6f86e1ed7dc578beff9a6215ab27dc393fb41cabbec3b70aacfa27007612f
                                                                                                                    • Opcode Fuzzy Hash: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
                                                                                                                    • Instruction Fuzzy Hash: EB014B72A196204B8308CE3C9C1112ABEE19B86330F158B2EBCFAD73E0D664CD548696
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
                                                                                                                    • Instruction ID: 9cfd8ac5b579ba6d4b701480ffbd58b4debfe9dbc0cd4b67a6b93b45d7a405f2
                                                                                                                    • Opcode Fuzzy Hash: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
                                                                                                                    • Instruction Fuzzy Hash: A3F0ECB5A0861057DF22CE549CC0F37BB9CCB87364F190426E84557183D2A15945D3E5
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 27771640d648c50949d9332bf566cb7859fc55dfe90456e5a843f2a0c3679868
                                                                                                                    • Instruction ID: 9a8beb97ae44d24dbf6ce6efac7d055da5b58851a8f0ee4bcfc098d1e9c70b20
                                                                                                                    • Opcode Fuzzy Hash: 27771640d648c50949d9332bf566cb7859fc55dfe90456e5a843f2a0c3679868
                                                                                                                    • Instruction Fuzzy Hash: F001E4B04107009FC360EF29C445747BBE8EB08764F004A1DE8EECB681D770A5448B82
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
                                                                                                                    • Instruction ID: 745828328f20f74d7d338253f08bbe7672edac674c286cb26853cf7cfa9b6d55
                                                                                                                    • Opcode Fuzzy Hash: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
                                                                                                                    • Instruction Fuzzy Hash: 95D05E21A08321469B64CE19E400977F7E0FA87B21F49955EF586E3148D230DC41D2A9
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2153011228.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EF0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2152998064.0000000000EF0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.0000000000F50000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000010CB000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011B1000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011DF000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011E7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153044628.00000000011F5000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153283582.00000000011F6000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153386642.0000000001393000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2153414972.0000000001394000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ef0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 8e6df698b593fa1682a8cebac30c4b5058e83eefd511fa6e30621b9354fe6a24
                                                                                                                    • Instruction ID: 7e374270ba0e07a8d1bb466cb45379f02eb32504ffe490373a3f39377900cd61
                                                                                                                    • Opcode Fuzzy Hash: 8e6df698b593fa1682a8cebac30c4b5058e83eefd511fa6e30621b9354fe6a24
                                                                                                                    • Instruction Fuzzy Hash: 03C01238B180088BC204CF40F895A32B2B9A307308700A02ADA02F3261CA20D41AB909
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: f0065f5ef7ce23589cbf954a4c26ec0afa0478ad39b04a0227256862d3f75fdc
                                                                                                                    • Instruction ID: 0b014608ec914194487a96248c55a4453371c66a0c15220da93ce878b3c7bf13
                                                                                                                    • Opcode Fuzzy Hash: f0065f5ef7ce23589cbf954a4c26ec0afa0478ad39b04a0227256862d3f75fdc
                                                                                                                    • Instruction Fuzzy Hash: D7C09B3C65C00487910CCF14D951675F3B6DBF7B18B35B11DCC0623255C134D552B55C
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 50651f85794096bb8979f44674367e9c084fcba5960b1ecb52efd91826a09255
                                                                                                                    • Instruction ID: a235144243f464cc48f99d618c2bce1e349bf2cc54a1133233107a7f460529dd
                                                                                                                    • Opcode Fuzzy Hash: 50651f85794096bb8979f44674367e9c084fcba5960b1ecb52efd91826a09255
                                                                                                                    • Instruction Fuzzy Hash: 79C04C25F590448BC244CF85E891532B2A95306218710703A9602E7261C560D419A509
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: f0b1a5571f89874e84eaca10d0452414a64851f2960e96761153bc51dd5c4847
                                                                                                                    • Instruction ID: 9d7fe9fb203289ec61bd44f5dca96c7b8acbbbebc9c3e5071de0bb1c9ed02396
                                                                                                                    • Opcode Fuzzy Hash: f0b1a5571f89874e84eaca10d0452414a64851f2960e96761153bc51dd5c4847
                                                                                                                    • Instruction Fuzzy Hash: C8C09228B680088BA24CCF18DD51A35F2BADBFBA18B25B12DCC06A3256D134D552960C