Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1532110
MD5:afb9dcc0aa332a544a4d456ca69c5756
SHA1:647b534700b635e25fcd686815dce09d60a9c373
SHA256:8a13c6e39dc4ca5a2368efd2d0a9fdad9f08898836aa6dca215913038819e0d1
Tags:exeuser-Bitsight
Infos:

Detection

LummaC
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for domain / URL
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 6200 cmdline: "C:\Users\user\Desktop\file.exe" MD5: AFB9DCC0AA332A544A4D456CA69C5756)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Lumma Stealer, LummaC2 StealerLumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["dissapoiznw.store", "mobbipenju.store", "spirittunek.store", "clearancek.site", "eaglepawnoy.store", "studennotediw.store", "bathdoomgaz.store", "licendfilteo.site"], "Build id": "4SD0y4--legendaryy"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
decrypted.memstrJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security

    Sigma Signatures

    No Sigma rule has matched

    Suricata Signatures

    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-12T12:14:12.461269+020020564771Domain Observed Used for C2 Detected192.168.2.5580131.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-12T12:14:12.306621+020020564711Domain Observed Used for C2 Detected192.168.2.5613821.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-12T12:14:12.437331+020020564811Domain Observed Used for C2 Detected192.168.2.5606581.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-12T12:14:12.410776+020020564831Domain Observed Used for C2 Detected192.168.2.5577631.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-12T12:14:12.484942+020020564731Domain Observed Used for C2 Detected192.168.2.5505631.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-12T12:14:12.396507+020020564851Domain Observed Used for C2 Detected192.168.2.5594031.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-12T12:14:12.473303+020020564751Domain Observed Used for C2 Detected192.168.2.5506351.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-12T12:14:12.449901+020020564791Domain Observed Used for C2 Detected192.168.2.5553491.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-12T12:14:13.742474+020028586661Domain Observed Used for C2 Detected192.168.2.549704104.102.49.254443TCP

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Antivirus / Scanner detection for submitted sample
    Source: file.exeAvira: detected
    Antivirus detection for URL or domain
    Source: https://steamcommunity.com/profiles/76561199724331900URL Reputation: Label: malware
    Source: https://steamcommunity.com:443/profiles/76561199724331900URL Reputation: Label: malware
    Found malware configuration
    Source: file.exe.6200.0.memstrminMalware Configuration Extractor: LummaC {"C2 url": ["dissapoiznw.store", "mobbipenju.store", "spirittunek.store", "clearancek.site", "eaglepawnoy.store", "studennotediw.store", "bathdoomgaz.store", "licendfilteo.site"], "Build id": "4SD0y4--legendaryy"}
    Multi AV Scanner detection for domain / URL
    Source: clearancek.siteVirustotal: Detection: 17%Perma Link
    Source: spirittunek.storeVirustotal: Detection: 21%Perma Link
    Source: eaglepawnoy.storeVirustotal: Detection: 18%Perma Link
    Source: dissapoiznw.storeVirustotal: Detection: 21%Perma Link
    Source: mobbipenju.storeVirustotal: Detection: 21%Perma Link
    Source: licendfilteo.siteVirustotal: Detection: 15%Perma Link
    Source: studennotediw.storeVirustotal: Detection: 17%Perma Link
    Source: bathdoomgaz.storeVirustotal: Detection: 21%Perma Link
    Source: bathdoomgaz.storeVirustotal: Detection: 21%Perma Link
    Source: studennotediw.storeVirustotal: Detection: 17%Perma Link
    Source: https://clearancek.site:443/apiVirustotal: Detection: 19%Perma Link
    Source: clearancek.siteVirustotal: Detection: 17%Perma Link
    Source: dissapoiznw.storeVirustotal: Detection: 21%Perma Link
    Source: https://licendfilteo.site:443/apiVirustotal: Detection: 19%Perma Link
    Source: licendfilteo.siteVirustotal: Detection: 15%Perma Link
    Source: spirittunek.storeVirustotal: Detection: 21%Perma Link
    Source: eaglepawnoy.storeVirustotal: Detection: 18%Perma Link
    Source: mobbipenju.storeVirustotal: Detection: 21%Perma Link
    AI detected suspicious sample
    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
    Machine Learning detection for sample
    Source: file.exeJoe Sandbox ML: detected
    Sample uses string decryption to hide its real strings
    Source: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmpString decryptor: clearancek.site
    Source: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmpString decryptor: licendfilteo.site
    Source: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmpString decryptor: spirittunek.store
    Source: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmpString decryptor: bathdoomgaz.store
    Source: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmpString decryptor: studennotediw.store
    Source: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmpString decryptor: dissapoiznw.store
    Source: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmpString decryptor: eaglepawnoy.store
    Source: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmpString decryptor: mobbipenju.store
    Source: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmpString decryptor: clearancek.site
    Source: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmpString decryptor: lid=%s&j=%s&ver=4.0
    Source: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmpString decryptor: TeslaBrowser/5.5
    Source: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Screen Resoluton:
    Source: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Physical Installed Memory:
    Source: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmpString decryptor: Workgroup: -
    Source: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmpString decryptor: 4SD0y4--legendaryy
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.5:49704 version: TLS 1.2
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_0070D110
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_0070D110
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh0_2_007463B8
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00745700
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 27BAF212h0_2_0074695B
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh0_2_007499D0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+04h]0_2_0070FCA0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-10h]0_2_00710EEC
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h0_2_00744040
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then dec ebx0_2_0073F030
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+20h]0_2_00716F91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ecx, dword ptr [edx]0_2_00701000
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx0_2_00746094
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+0Ch]0_2_0072D1E1
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], dx0_2_00722260
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [esi], ax0_2_00722260
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_007142FC
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ebp, eax0_2_0070A300
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_007323E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_007323E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_007323E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [edi], al0_2_007323E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_007323E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+14h]0_2_007323E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+0Ch]0_2_0072C470
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_0071D457
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx eax, word ptr [esi+ecx]0_2_00741440
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esp], 00000000h0_2_0071B410
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_0072E40C
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh0_2_007464B8
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_00716536
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh0_2_00747520
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_00729510
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [ecx+esi+25h]0_2_00708590
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_0072E66A
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [edx]0_2_0073B650
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, word ptr [edi+eax]0_2_00747710
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+08h]0_2_007467EF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_0072D7AF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], dx0_2_007228E9
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h0_2_0071D961
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h0_2_00743920
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esi+edi]0_2_007049A0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esi+ebx]0_2_00705A50
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h0_2_00744A40
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00711A3C
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00711ACD
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh0_2_00749B60
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+000006B8h]0_2_0071DB6F
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h0_2_0071DB6F
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_00713BE2
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+40h]0_2_00711BEE
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]0_2_00730B80
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [eax+esi+02h], 0000h0_2_0072EC48
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], A70A987Fh0_2_0073FC20
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h0_2_00727C00
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00749CE0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh0_2_00749CE0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h0_2_0072CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_0072CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h0_2_0072CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_0072AC91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [edx], ax0_2_0072AC91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_0072DD29
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh0_2_0072FD10
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00748D8A
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00725E70
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_00727E60
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, word ptr [ecx]0_2_0072AE57
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov edi, ecx0_2_00714E2A
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, word ptr [ebp+00h]0_2_0070BEB0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp byte ptr [ebx], 00000000h0_2_00716EBF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edi, byte ptr [ecx+esi]0_2_00706EA0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+40h]0_2_00711E93
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_0073FF70
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00729F62
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx0_2_00708FD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx0_2_00745FD6
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [edx], 0000h0_2_0071FFDF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h0_2_00747FC0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00747FC0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+20h]0_2_00716F91

    Networking

    barindex
    Suricata IDS alerts for network traffic
    Source: Network trafficSuricata IDS: 2056471 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) : 192.168.2.5:61382 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056485 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) : 192.168.2.5:59403 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056473 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) : 192.168.2.5:50563 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056483 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) : 192.168.2.5:57763 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056477 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) : 192.168.2.5:58013 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056479 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) : 192.168.2.5:55349 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056475 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) : 192.168.2.5:50635 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056481 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) : 192.168.2.5:60658 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.5:49704 -> 104.102.49.254:443
    C2 URLs / IPs found in malware configuration
    Source: Malware configuration extractorURLs: dissapoiznw.store
    Source: Malware configuration extractorURLs: mobbipenju.store
    Source: Malware configuration extractorURLs: spirittunek.store
    Source: Malware configuration extractorURLs: clearancek.site
    Source: Malware configuration extractorURLs: eaglepawnoy.store
    Source: Malware configuration extractorURLs: studennotediw.store
    Source: Malware configuration extractorURLs: bathdoomgaz.store
    Source: Malware configuration extractorURLs: licendfilteo.site
    Source: Joe Sandbox ViewIP Address: 104.102.49.254 104.102.49.254
    Source: Joe Sandbox ViewASN Name: AKAMAI-ASUS AKAMAI-ASUS
    Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: file.exe, 00000000.00000002.2146332739.00000000015A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: file.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=650a455735d5c6fc789ae610; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type25489Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveSat, 12 Oct 2024 10:14:13 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control equals www.youtube.com (Youtube)
    Source: file.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: global trafficDNS traffic detected: DNS query: clearancek.site
    Source: global trafficDNS traffic detected: DNS query: mobbipenju.store
    Source: global trafficDNS traffic detected: DNS query: eaglepawnoy.store
    Source: global trafficDNS traffic detected: DNS query: dissapoiznw.store
    Source: global trafficDNS traffic detected: DNS query: studennotediw.store
    Source: global trafficDNS traffic detected: DNS query: bathdoomgaz.store
    Source: global trafficDNS traffic detected: DNS query: spirittunek.store
    Source: global trafficDNS traffic detected: DNS query: licendfilteo.site
    Source: global trafficDNS traffic detected: DNS query: steamcommunity.com
    Source: file.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:27060
    Source: file.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.00000000015D8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134075813.0000000001555000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.0000000001555000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
    Source: file.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.00000000015D8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134075813.0000000001555000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.0000000001555000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/privacy_agreement/
    Source: file.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.00000000015D8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134075813.0000000001555000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.0000000001555000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/subscriber_agreement/
    Source: file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.valvesoftware.com/legal.htm
    Source: file.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/
    Source: file.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://broadcast.st.dl.eccdnx.com
    Source: file.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/
    Source: file.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/
    Source: file.exe, 00000000.00000003.2134075813.000000000158E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clearancek.site:443/api
    Source: file.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/
    Source: file.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.00000000015D8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134075813.0000000001555000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.0000000001555000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=2Ih2WOq7ErXY&a
    Source: file.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
    Source: file.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/fatalerror.css?v=wctRWaBvNt2z&l=engli
    Source: file.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
    Source: file.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.00000000015D8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134075813.0000000001555000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.0000000001555000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
    Source: file.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.00000000015D8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134075813.0000000001555000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.0000000001555000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
    Source: file.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.00000000015D8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134075813.0000000001555000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.0000000001555000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=bz0kMfQA
    Source: file.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.00000000015D8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134075813.0000000001555000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.0000000001555000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=hgPi
    Source: file.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english
    Source: file.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
    Source: file.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
    Source: file.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
    Source: file.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
    Source: file.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
    Source: file.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en
    Source: file.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
    Source: file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
    Source: file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
    Source: file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
    Source: file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
    Source: file.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp
    Source: file.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
    Source: file.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
    Source: file.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
    Source: file.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
    Source: file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
    Source: file.exe, 00000000.00000003.2134075813.000000000158E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://licendfilteo.site:443/api
    Source: file.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
    Source: file.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
    Source: file.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
    Source: file.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
    Source: file.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
    Source: file.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
    Source: file.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
    Source: file.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
    Source: file.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
    Source: file.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
    Source: file.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
    Source: file.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
    Source: file.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.00000000015D8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134075813.0000000001555000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.0000000001555000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com
    Source: file.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.000000000156F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
    Source: file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
    Source: file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
    Source: file.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.00000000015D8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134075813.0000000001555000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.0000000001555000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
    Source: file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
    Source: file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
    Source: file.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
    Source: file.exe, 00000000.00000003.2134075813.000000000156F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134075813.0000000001555000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.0000000001555000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.000000000156F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
    Source: file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
    Source: file.exe, 00000000.00000003.2134075813.000000000158E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900
    Source: file.exe, 00000000.00000003.2134213165.00000000015D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
    Source: file.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134075813.000000000158E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
    Source: file.exe, 00000000.00000003.2134075813.000000000158E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f
    Source: file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
    Source: file.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
    Source: file.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.00000000015D8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134075813.0000000001555000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.0000000001555000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
    Source: file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
    Source: file.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
    Source: file.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
    Source: file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
    Source: file.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
    Source: file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
    Source: file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
    Source: file.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
    Source: file.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
    Source: file.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
    Source: file.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
    Source: file.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.00000000015D8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134075813.0000000001555000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.0000000001555000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
    Source: file.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
    Source: file.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
    Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.5:49704 version: TLS 1.2

    System Summary

    barindex
    PE file contains section with special chars
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: .rsrc
    Source: file.exeStatic PE information: section name: .idata
    Source: file.exeStatic PE information: section name:
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007102280_2_00710228
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007440400_2_00744040
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007120300_2_00712030
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007010000_2_00701000
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0074A0D00_2_0074A0D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007051600_2_00705160
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007071F00_2_007071F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008CE10E0_2_008CE10E
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0070E1A00_2_0070E1A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008C91650_2_008C9165
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008122E10_2_008122E1
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007012F70_2_007012F7
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007382D00_2_007382D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007312D00_2_007312D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008D32320_2_008D3232
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0083C3810_2_0083C381
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008DD3B90_2_008DD3B9
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0070A3000_2_0070A300
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007323E00_2_007323E0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008E23330_2_008E2333
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0070B3A00_2_0070B3A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007013A30_2_007013A3
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0072C4700_2_0072C470
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007364F00_2_007364F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0071049B0_2_0071049B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007144870_2_00714487
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009625830_2_00962583
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008005DC0_2_008005DC
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0071C5F00_2_0071C5F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007035B00_2_007035B0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007085900_2_00708590
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008D16940_2_008D1694
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007486520_2_00748652
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0070164F0_2_0070164F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0073F6200_2_0073F620
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007486F00_2_007486F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008CC64E0_2_008CC64E
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007318600_2_00731860
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0070A8500_2_0070A850
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008DB8AB0_2_008DB8AB
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008618080_2_00861808
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0073B8C00_2_0073B8C0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0073E8A00_2_0073E8A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008E09410_2_008E0941
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007489A00_2_007489A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0072098B0_2_0072098B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00744A400_2_00744A40
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00747AB00_2_00747AB0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00748A800_2_00748A80
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008CFB9A0_2_008CFB9A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0071DB6F0_2_0071DB6F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00707BF00_2_00707BF0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0081BB650_2_0081BB65
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008D4CEC0_2_008D4CEC
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00748C020_2_00748C02
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009FDC190_2_009FDC19
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0072CCD00_2_0072CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00746CBF0_2_00746CBF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007FBCA20_2_007FBCA2
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00728D620_2_00728D62
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008D9DA70_2_008D9DA7
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008DEDC90_2_008DEDC9
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0072DD290_2_0072DD29
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0072FD100_2_0072FD10
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008D6D6E0_2_008D6D6E
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00748E700_2_00748E70
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0072AE570_2_0072AE57
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00714E2A0_2_00714E2A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0070BEB00_2_0070BEB0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00716EBF0_2_00716EBF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0070AF100_2_0070AF10
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00708FD00_2_00708FD0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00747FC00_2_00747FC0
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 0070CAA0 appears 48 times
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 0071D300 appears 152 times
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: file.exeStatic PE information: Section: ZLIB complexity 0.999445647689769
    Source: file.exeStatic PE information: Section: oducqxss ZLIB complexity 0.9945223855900152
    Source: classification engineClassification label: mal100.troj.evad.winEXE@1/0@9/1
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00738220 CoCreateInstance,0_2_00738220
    Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: file.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
    Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\file.exeJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winhttp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: webio.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winnsi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: schannel.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mskeyprotect.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ncryptsslp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: dpapi.dllJump to behavior
    Source: file.exeStatic file information: File size 1862144 > 1048576
    Source: file.exeStatic PE information: Raw size of oducqxss is bigger than: 0x100000 < 0x19d200

    Data Obfuscation

    barindex
    Detected unpacking (changes PE section rights)
    Source: C:\Users\user\Desktop\file.exeUnpacked PE file: 0.2.file.exe.700000.0.unpack :EW;.rsrc :W;.idata :W; :EW;oducqxss:EW;cqaljucb:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;oducqxss:EW;cqaljucb:EW;.taggant:EW;
    Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
    Source: file.exeStatic PE information: real checksum: 0x1cc588 should be: 0x1cde36
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: .rsrc
    Source: file.exeStatic PE information: section name: .idata
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: oducqxss
    Source: file.exeStatic PE information: section name: cqaljucb
    Source: file.exeStatic PE information: section name: .taggant
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0090909B push 0DDBC05Ah; mov dword ptr [esp], esi0_2_009090DD
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0090208A push edx; mov dword ptr [esp], 44817400h0_2_0090210A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0090208A push edi; mov dword ptr [esp], esp0_2_0090212E
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0093E0B5 push 4C03A461h; mov dword ptr [esp], edx0_2_0093E0CF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0093E0B5 push eax; mov dword ptr [esp], ecx0_2_0093E0D8
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008C101E push edx; mov dword ptr [esp], eax0_2_008C105F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008C101E push edi; mov dword ptr [esp], 236EF3B0h0_2_008C10B8
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008C101E push eax; mov dword ptr [esp], edx0_2_008C113C
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009B9058 push ebx; mov dword ptr [esp], eax0_2_009B9223
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009B0077 push 13874DECh; mov dword ptr [esp], esp0_2_009B0098
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00965078 push 7CB75DBDh; mov dword ptr [esp], eax0_2_009650E6
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00965078 push ecx; mov dword ptr [esp], ebx0_2_00965166
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00965078 push eax; mov dword ptr [esp], 1FF73CF9h0_2_00965199
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00965078 push 0C645C0Bh; mov dword ptr [esp], ebx0_2_009651F6
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0097006B push 23E81EE8h; mov dword ptr [esp], eax0_2_0097007C
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0097006B push 668D0F7Bh; mov dword ptr [esp], eax0_2_00970156
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0097006B push ebx; mov dword ptr [esp], 00000000h0_2_0097019B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0097006B push 5E945D5Ch; mov dword ptr [esp], ebp0_2_009701E7
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0097006B push edi; mov dword ptr [esp], edx0_2_00970279
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008E618C push 0A577A58h; mov dword ptr [esp], eax0_2_008E6223
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008E618C push ebp; mov dword ptr [esp], eax0_2_008E623D
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0094D1FF push eax; mov dword ptr [esp], ebp0_2_0094D238
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0094D1FF push 75E6D043h; mov dword ptr [esp], esi0_2_0094D250
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0094D1FF push 7E7B51CFh; mov dword ptr [esp], eax0_2_0094D2E0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008CE10E push 5A9718A5h; mov dword ptr [esp], ecx0_2_008CE15A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008CE10E push ebp; mov dword ptr [esp], esi0_2_008CE24D
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008CE10E push 2367922Fh; mov dword ptr [esp], ebx0_2_008CE288
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008CE10E push 54CCFEBBh; mov dword ptr [esp], ecx0_2_008CE337
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008CE10E push 6124E2BCh; mov dword ptr [esp], ebp0_2_008CE3F4
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008CE10E push ebx; mov dword ptr [esp], 7BFFCE20h0_2_008CE433
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008CE10E push ecx; mov dword ptr [esp], 2263DAA0h0_2_008CE53E
    Source: file.exeStatic PE information: section name: entropy: 7.973807730176552
    Source: file.exeStatic PE information: section name: oducqxss entropy: 7.954456060103932

    Boot Survival

    barindex
    Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: RegmonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior

    Malware Analysis System Evasion

    barindex
    Tries to detect sandboxes / dynamic malware analysis system (registry check)
    Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
    Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
    Tries to detect virtualization through RDTSC time measurements
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 763A6C second address: 763A76 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F883902A816h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 763A76 second address: 763AA5 instructions: 0x00000000 rdtsc 0x00000002 je 00007F8838F25CD5h 0x00000008 jmp 00007F8838F25CCFh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 pushad 0x00000011 jmp 00007F8838F25CD0h 0x00000016 push eax 0x00000017 push edx 0x00000018 push edi 0x00000019 pop edi 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E709A second address: 8E709E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E709E second address: 8E70AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jnc 00007F8838F25CC8h 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D47EE second address: 8D47F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E6105 second address: 8E610B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E6283 second address: 8E6287 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E6287 second address: 8E628F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E628F second address: 8E6294 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E655E second address: 8E6562 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E6562 second address: 8E6566 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E6566 second address: 8E6576 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 pushad 0x00000008 jo 00007F8838F25CD2h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E66F2 second address: 8E671F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F883902A81Dh 0x00000009 js 00007F883902A81Eh 0x0000000f jp 00007F883902A816h 0x00000015 pushad 0x00000016 popad 0x00000017 push eax 0x00000018 jl 00007F883902A816h 0x0000001e pop eax 0x0000001f popad 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E671F second address: 8E674F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pushad 0x00000007 popad 0x00000008 jmp 00007F8838F25CD9h 0x0000000d popad 0x0000000e push eax 0x0000000f jno 00007F8838F25CC6h 0x00000015 jbe 00007F8838F25CC6h 0x0000001b pop eax 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E6888 second address: 8E68A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F883902A816h 0x0000000a popad 0x0000000b pop eax 0x0000000c jl 00007F883902A836h 0x00000012 push eax 0x00000013 push edx 0x00000014 push edx 0x00000015 pop edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E68A0 second address: 8E68A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E68A4 second address: 8E68AF instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E9832 second address: 8E98C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push ecx 0x00000006 pushad 0x00000007 popad 0x00000008 pop ecx 0x00000009 popad 0x0000000a add dword ptr [esp], 7941BA4Ch 0x00000011 push 00000003h 0x00000013 push 00000000h 0x00000015 push ecx 0x00000016 call 00007F8838F25CC8h 0x0000001b pop ecx 0x0000001c mov dword ptr [esp+04h], ecx 0x00000020 add dword ptr [esp+04h], 0000001Ch 0x00000028 inc ecx 0x00000029 push ecx 0x0000002a ret 0x0000002b pop ecx 0x0000002c ret 0x0000002d jno 00007F8838F25CC6h 0x00000033 push 00000000h 0x00000035 push 00000003h 0x00000037 jc 00007F8838F25CE5h 0x0000003d jnc 00007F8838F25CDFh 0x00000043 call 00007F8838F25CC9h 0x00000048 pushad 0x00000049 jo 00007F8838F25CDBh 0x0000004f jmp 00007F8838F25CD5h 0x00000054 push eax 0x00000055 push edx 0x00000056 pushad 0x00000057 popad 0x00000058 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E98C1 second address: 8E990B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jmp 00007F883902A829h 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 push ebx 0x00000012 jmp 00007F883902A827h 0x00000017 pop ebx 0x00000018 mov eax, dword ptr [eax] 0x0000001a push eax 0x0000001b push edx 0x0000001c jo 00007F883902A818h 0x00000022 pushad 0x00000023 popad 0x00000024 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E990B second address: 8E997A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8838F25CD5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d pushad 0x0000000e jc 00007F8838F25CDDh 0x00000014 jmp 00007F8838F25CD7h 0x00000019 pushad 0x0000001a jmp 00007F8838F25CD7h 0x0000001f pushad 0x00000020 popad 0x00000021 popad 0x00000022 popad 0x00000023 pop eax 0x00000024 push esi 0x00000025 xor dword ptr [ebp+122D2CB3h], eax 0x0000002b pop edi 0x0000002c lea ebx, dword ptr [ebp+1245961Fh] 0x00000032 xchg eax, ebx 0x00000033 pushad 0x00000034 push eax 0x00000035 push ecx 0x00000036 pop ecx 0x00000037 pop eax 0x00000038 pushad 0x00000039 push eax 0x0000003a push edx 0x0000003b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E9ACA second address: 8E9ACE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E9ACE second address: 8E9AD2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E9AD2 second address: 8E9AE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E9AE0 second address: 8E9AE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E9AE4 second address: 8E9AEA instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 907B9C second address: 907BA2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 907BA2 second address: 907BB2 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jnp 00007F883902A830h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 907E7E second address: 907EBE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8838F25CD3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 js 00007F8838F25D19h 0x0000000f push eax 0x00000010 jmp 00007F8838F25CD3h 0x00000015 pop eax 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F8838F25CCAh 0x0000001d push esi 0x0000001e pop esi 0x0000001f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9082EB second address: 9082FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F883902A81Bh 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 90870A second address: 908726 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8838F25CD8h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 908726 second address: 908730 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F883902A816h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 908730 second address: 90873A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F8838F25CC6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 908891 second address: 908895 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 908895 second address: 9088AA instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007F8838F25CCFh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9088AA second address: 9088B1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9088B1 second address: 9088DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8838F25CCFh 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 jg 00007F8838F25CC6h 0x00000017 pop eax 0x00000018 pushad 0x00000019 push edi 0x0000001a pop edi 0x0000001b push esi 0x0000001c pop esi 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9088DA second address: 9088DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9088DF second address: 9088EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F8838F25CC6h 0x0000000a jns 00007F8838F25CC6h 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9088EF second address: 9088F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 908BB3 second address: 908BCD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8838F25CD3h 0x00000009 push ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 908BCD second address: 908BD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 908BD5 second address: 908BDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 908D1E second address: 908D32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F883902A816h 0x0000000a jnc 00007F883902A816h 0x00000010 popad 0x00000011 push ecx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 909594 second address: 909598 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 909598 second address: 9095A2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9095A2 second address: 9095A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9095A6 second address: 9095B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 90BCBE second address: 90BCC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 90CE33 second address: 90CE37 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9101BF second address: 9101C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9101C4 second address: 9101CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91574C second address: 91576A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007F8838F25CCBh 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91576A second address: 915777 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 je 00007F883902A818h 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 915777 second address: 915781 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F8838F25CD2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 915A6A second address: 915A6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 915A6F second address: 915A75 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 915A75 second address: 915A7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F883902A816h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 915BA3 second address: 915BA7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 915BA7 second address: 915BB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 915BB0 second address: 915BD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8838F25CD9h 0x00000009 popad 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 915F0A second address: 915F11 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 916048 second address: 916050 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 916050 second address: 91606D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push ebx 0x00000007 jmp 00007F883902A823h 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91696B second address: 916970 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 916F1C second address: 916F20 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 916F20 second address: 916F2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 916F2D second address: 916F31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 916F31 second address: 916F3B instructions: 0x00000000 rdtsc 0x00000002 je 00007F8838F25CC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 916F3B second address: 916F45 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F883902A816h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9176D1 second address: 9176F1 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F8838F25CC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jc 00007F8838F25CD2h 0x00000014 jmp 00007F8838F25CCCh 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9176F1 second address: 9176F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 917782 second address: 917788 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 917788 second address: 9177A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F883902A826h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 917A84 second address: 917A8A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 917B62 second address: 917B68 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 917B68 second address: 917B6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 917B6C second address: 917B70 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 917B70 second address: 917B90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F8838F25CD5h 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 917B90 second address: 917B95 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 917B95 second address: 917B9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 917D3A second address: 917D3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 918C91 second address: 918C95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91BDBB second address: 91BDC0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91C8E2 second address: 91C90D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F8838F25CD7h 0x0000000c jl 00007F8838F25CC6h 0x00000012 popad 0x00000013 popad 0x00000014 push eax 0x00000015 pushad 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91C90D second address: 91C913 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91C913 second address: 91C98A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jc 00007F8838F25CC8h 0x0000000b push esi 0x0000000c pop esi 0x0000000d popad 0x0000000e nop 0x0000000f push 00000000h 0x00000011 push esi 0x00000012 call 00007F8838F25CC8h 0x00000017 pop esi 0x00000018 mov dword ptr [esp+04h], esi 0x0000001c add dword ptr [esp+04h], 00000019h 0x00000024 inc esi 0x00000025 push esi 0x00000026 ret 0x00000027 pop esi 0x00000028 ret 0x00000029 call 00007F8838F25CCBh 0x0000002e mov esi, dword ptr [ebp+122D26C9h] 0x00000034 pop esi 0x00000035 jmp 00007F8838F25CD9h 0x0000003a mov edi, 539D0004h 0x0000003f push 00000000h 0x00000041 mov dword ptr [ebp+1245F13Fh], eax 0x00000047 push 00000000h 0x00000049 mov edi, dword ptr [ebp+122D2927h] 0x0000004f xchg eax, ebx 0x00000050 push eax 0x00000051 push edx 0x00000052 push edx 0x00000053 push eax 0x00000054 pop eax 0x00000055 pop edx 0x00000056 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91C98A second address: 91C994 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F883902A816h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9214DF second address: 9214E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9206A3 second address: 9206AD instructions: 0x00000000 rdtsc 0x00000002 jne 00007F883902A816h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9214E3 second address: 9214ED instructions: 0x00000000 rdtsc 0x00000002 ja 00007F8838F25CC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9206AD second address: 9206B2 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9214ED second address: 9214F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9206B2 second address: 92073D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push ebp 0x0000000d call 00007F883902A818h 0x00000012 pop ebp 0x00000013 mov dword ptr [esp+04h], ebp 0x00000017 add dword ptr [esp+04h], 00000014h 0x0000001f inc ebp 0x00000020 push ebp 0x00000021 ret 0x00000022 pop ebp 0x00000023 ret 0x00000024 jne 00007F883902A81Bh 0x0000002a push dword ptr fs:[00000000h] 0x00000031 mov dword ptr [ebp+122D180Ch], ebx 0x00000037 mov dword ptr fs:[00000000h], esp 0x0000003e push 00000000h 0x00000040 push eax 0x00000041 call 00007F883902A818h 0x00000046 pop eax 0x00000047 mov dword ptr [esp+04h], eax 0x0000004b add dword ptr [esp+04h], 0000001Ah 0x00000053 inc eax 0x00000054 push eax 0x00000055 ret 0x00000056 pop eax 0x00000057 ret 0x00000058 mov edi, 136AE9B6h 0x0000005d mov eax, dword ptr [ebp+122D1289h] 0x00000063 sbb ebx, 25893BB9h 0x00000069 push FFFFFFFFh 0x0000006b add dword ptr [ebp+1247F358h], ebx 0x00000071 nop 0x00000072 push eax 0x00000073 push edx 0x00000074 jnp 00007F883902A818h 0x0000007a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 92073D second address: 920742 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9216C3 second address: 9216C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9238E9 second address: 9238EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9238EF second address: 923906 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jc 00007F883902A81Ch 0x00000011 jnp 00007F883902A816h 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 92792B second address: 927935 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F8838F25CC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 929BEA second address: 929BF0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 927935 second address: 92794C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8838F25CCDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e pop edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 929BF0 second address: 929C56 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F883902A825h 0x0000000e nop 0x0000000f push 00000000h 0x00000011 push eax 0x00000012 call 00007F883902A818h 0x00000017 pop eax 0x00000018 mov dword ptr [esp+04h], eax 0x0000001c add dword ptr [esp+04h], 00000015h 0x00000024 inc eax 0x00000025 push eax 0x00000026 ret 0x00000027 pop eax 0x00000028 ret 0x00000029 mov ebx, dword ptr [ebp+122D1A2Dh] 0x0000002f push 00000000h 0x00000031 sub dword ptr [ebp+122D2D5Ch], ecx 0x00000037 push 00000000h 0x00000039 pushad 0x0000003a cld 0x0000003b jmp 00007F883902A821h 0x00000040 popad 0x00000041 xchg eax, esi 0x00000042 push edx 0x00000043 push eax 0x00000044 push edx 0x00000045 push esi 0x00000046 pop esi 0x00000047 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 92794C second address: 927950 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 92B9D2 second address: 92B9D7 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 92C999 second address: 92C9B0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8838F25CD3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 92C9B0 second address: 92CA04 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F883902A829h 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push ebx 0x0000000d pushad 0x0000000e push edi 0x0000000f pop edi 0x00000010 jbe 00007F883902A816h 0x00000016 popad 0x00000017 pop ebx 0x00000018 nop 0x00000019 mov dword ptr [ebp+1247F557h], esi 0x0000001f push 00000000h 0x00000021 mov di, ax 0x00000024 push 00000000h 0x00000026 and di, 7777h 0x0000002b push eax 0x0000002c push eax 0x0000002d push edx 0x0000002e jmp 00007F883902A822h 0x00000033 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 92D907 second address: 92D90B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 92D90B second address: 92D980 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007F883902A818h 0x0000000c push edx 0x0000000d pop edx 0x0000000e popad 0x0000000f mov dword ptr [esp], eax 0x00000012 push 00000000h 0x00000014 push edi 0x00000015 call 00007F883902A818h 0x0000001a pop edi 0x0000001b mov dword ptr [esp+04h], edi 0x0000001f add dword ptr [esp+04h], 0000001Ch 0x00000027 inc edi 0x00000028 push edi 0x00000029 ret 0x0000002a pop edi 0x0000002b ret 0x0000002c push 00000000h 0x0000002e jmp 00007F883902A826h 0x00000033 push 00000000h 0x00000035 push 00000000h 0x00000037 push ebx 0x00000038 call 00007F883902A818h 0x0000003d pop ebx 0x0000003e mov dword ptr [esp+04h], ebx 0x00000042 add dword ptr [esp+04h], 00000014h 0x0000004a inc ebx 0x0000004b push ebx 0x0000004c ret 0x0000004d pop ebx 0x0000004e ret 0x0000004f mov di, dx 0x00000052 xchg eax, esi 0x00000053 push eax 0x00000054 push edx 0x00000055 pushad 0x00000056 push eax 0x00000057 push edx 0x00000058 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 92D980 second address: 92D986 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 92D986 second address: 92D98B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 92D98B second address: 92D99F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8838F25CD0h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 92D99F second address: 92D9B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jns 00007F883902A816h 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 92D9B2 second address: 92D9B8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 92ACC7 second address: 92AD68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jl 00007F883902A816h 0x0000000b jmp 00007F883902A829h 0x00000010 popad 0x00000011 popad 0x00000012 mov dword ptr [esp], eax 0x00000015 push 00000000h 0x00000017 push eax 0x00000018 call 00007F883902A818h 0x0000001d pop eax 0x0000001e mov dword ptr [esp+04h], eax 0x00000022 add dword ptr [esp+04h], 00000017h 0x0000002a inc eax 0x0000002b push eax 0x0000002c ret 0x0000002d pop eax 0x0000002e ret 0x0000002f push dword ptr fs:[00000000h] 0x00000036 push 00000000h 0x00000038 push ecx 0x00000039 call 00007F883902A818h 0x0000003e pop ecx 0x0000003f mov dword ptr [esp+04h], ecx 0x00000043 add dword ptr [esp+04h], 00000018h 0x0000004b inc ecx 0x0000004c push ecx 0x0000004d ret 0x0000004e pop ecx 0x0000004f ret 0x00000050 movzx edi, dx 0x00000053 mov dword ptr fs:[00000000h], esp 0x0000005a mov edi, dword ptr [ebp+122D202Eh] 0x00000060 mov eax, dword ptr [ebp+122D170Dh] 0x00000066 mov ebx, dword ptr [ebp+122D2A33h] 0x0000006c push FFFFFFFFh 0x0000006e mov di, ax 0x00000071 push eax 0x00000072 pushad 0x00000073 pushad 0x00000074 jmp 00007F883902A81Ch 0x00000079 push eax 0x0000007a push edx 0x0000007b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 92EA30 second address: 92EA48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F8838F25CD1h 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 92CB4E second address: 92CB52 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 92CB52 second address: 92CB58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 92CB58 second address: 92CB62 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F883902A816h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 92FA97 second address: 92FAA1 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F8838F25CC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 92FAA1 second address: 92FAA6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 92FAA6 second address: 92FAFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F8838F25CC6h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d nop 0x0000000e push 00000000h 0x00000010 push edi 0x00000011 call 00007F8838F25CC8h 0x00000016 pop edi 0x00000017 mov dword ptr [esp+04h], edi 0x0000001b add dword ptr [esp+04h], 00000015h 0x00000023 inc edi 0x00000024 push edi 0x00000025 ret 0x00000026 pop edi 0x00000027 ret 0x00000028 push 00000000h 0x0000002a movzx ebx, si 0x0000002d push 00000000h 0x0000002f push 00000000h 0x00000031 push ebx 0x00000032 call 00007F8838F25CC8h 0x00000037 pop ebx 0x00000038 mov dword ptr [esp+04h], ebx 0x0000003c add dword ptr [esp+04h], 00000014h 0x00000044 inc ebx 0x00000045 push ebx 0x00000046 ret 0x00000047 pop ebx 0x00000048 ret 0x00000049 push eax 0x0000004a pushad 0x0000004b push eax 0x0000004c push edx 0x0000004d push eax 0x0000004e push edx 0x0000004f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 92FAFA second address: 92FAFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 92FAFE second address: 92FB0C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jl 00007F8838F25CC6h 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 92EC47 second address: 92EC4B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 92EC4B second address: 92EC55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 92EC55 second address: 92EC81 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F883902A828h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b je 00007F883902A824h 0x00000011 push eax 0x00000012 push edx 0x00000013 jnp 00007F883902A816h 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 92FC34 second address: 92FC38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 92FC38 second address: 92FCCC instructions: 0x00000000 rdtsc 0x00000002 jp 00007F883902A816h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b jng 00007F883902A816h 0x00000011 pop esi 0x00000012 popad 0x00000013 mov dword ptr [esp], eax 0x00000016 jmp 00007F883902A81Dh 0x0000001b mov dword ptr [ebp+122D276Eh], edi 0x00000021 push dword ptr fs:[00000000h] 0x00000028 push 00000000h 0x0000002a push ebp 0x0000002b call 00007F883902A818h 0x00000030 pop ebp 0x00000031 mov dword ptr [esp+04h], ebp 0x00000035 add dword ptr [esp+04h], 00000014h 0x0000003d inc ebp 0x0000003e push ebp 0x0000003f ret 0x00000040 pop ebp 0x00000041 ret 0x00000042 xor edi, dword ptr [ebp+122D2B6Fh] 0x00000048 mov dword ptr fs:[00000000h], esp 0x0000004f mov ebx, 339AA530h 0x00000054 mov eax, dword ptr [ebp+122D1529h] 0x0000005a mov di, cx 0x0000005d push FFFFFFFFh 0x0000005f call 00007F883902A829h 0x00000064 or dword ptr [ebp+124827E3h], eax 0x0000006a pop edi 0x0000006b nop 0x0000006c push eax 0x0000006d push edx 0x0000006e push ebx 0x0000006f jng 00007F883902A816h 0x00000075 pop ebx 0x00000076 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 92FCCC second address: 92FCD6 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F8838F25CCCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 92FCD6 second address: 92FCEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 jnc 00007F883902A818h 0x0000000e jng 00007F883902A81Ch 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 933C3E second address: 933C44 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 933C44 second address: 933C48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 933C48 second address: 933C56 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F8838F25CC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 933C56 second address: 933C78 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 ja 00007F883902A818h 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F883902A81Fh 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 933C78 second address: 933C7C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E1E71 second address: 8E1E77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 93DC86 second address: 93DCA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 jl 00007F8838F25CC6h 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007F8838F25CCFh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 93DCA5 second address: 93DCAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 93DCAA second address: 93DCB4 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F8838F25CCCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 93DCB4 second address: 93DCE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F883902A82Bh 0x0000000a jmp 00007F883902A825h 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pushad 0x00000012 jmp 00007F883902A81Fh 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 93DCE9 second address: 93DCED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 942040 second address: 94205D instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F883902A81Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e push edi 0x0000000f jo 00007F883902A81Ch 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 946B2C second address: 946B46 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8838F25CD5h 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 946F53 second address: 946F58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 946F58 second address: 946F76 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F8838F25CD8h 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b pop edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 94DA58 second address: 94DA64 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F883902A816h 0x0000000a push edx 0x0000000b pop edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 94C6C2 second address: 94C6C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 94C84A second address: 94C866 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F883902A827h 0x00000009 popad 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 94CA16 second address: 94CA1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 94CA1A second address: 94CA35 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007F883902A821h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e pop edi 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 94CEB5 second address: 94CEC1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jg 00007F8838F25CC6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 94C38D second address: 94C394 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 94D485 second address: 94D498 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F8838F25CC6h 0x0000000a popad 0x0000000b jl 00007F8838F25CCEh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 94D498 second address: 94D49E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 94D49E second address: 94D4B8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8838F25CCDh 0x00000008 push edi 0x00000009 pop edi 0x0000000a push eax 0x0000000b pop eax 0x0000000c popad 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 94D4B8 second address: 94D4BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9521C4 second address: 9521C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 952616 second address: 952630 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F883902A816h 0x0000000a jmp 00007F883902A81Bh 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push edi 0x00000013 pop edi 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 952630 second address: 952634 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 952634 second address: 95267A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F883902A829h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c ja 00007F883902A816h 0x00000012 pushad 0x00000013 popad 0x00000014 jnp 00007F883902A816h 0x0000001a popad 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F883902A822h 0x00000025 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95267A second address: 952682 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 952682 second address: 95268E instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F883902A81Eh 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95182E second address: 951883 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8838F25CD6h 0x00000009 jmp 00007F8838F25CD7h 0x0000000e popad 0x0000000f jmp 00007F8838F25CD8h 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 jns 00007F8838F25CC6h 0x0000001f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 951883 second address: 951889 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 954A75 second address: 954A7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F8838F25CC6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D629B second address: 8D629F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D629F second address: 8D62A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95ED73 second address: 95ED77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95ED77 second address: 95ED83 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jc 00007F8838F25CC6h 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8DCF23 second address: 8DCF2D instructions: 0x00000000 rdtsc 0x00000002 jo 00007F883902A81Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95DBEA second address: 95DBF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F8838F25CC6h 0x0000000a pop ebx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95DBF5 second address: 95DBFB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95DBFB second address: 95DBFF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91E714 second address: 91E71A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91E71A second address: 8FD71B instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jnc 00007F8838F25CC6h 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jne 00007F8838F25CCAh 0x00000013 nop 0x00000014 mov dword ptr [ebp+1245E55Eh], esi 0x0000001a mov edi, dword ptr [ebp+122D2AEBh] 0x00000020 lea eax, dword ptr [ebp+1248E42Eh] 0x00000026 mov dword ptr [ebp+122D2CF5h], edx 0x0000002c nop 0x0000002d pushad 0x0000002e push eax 0x0000002f jmp 00007F8838F25CD4h 0x00000034 pop eax 0x00000035 jp 00007F8838F25CCCh 0x0000003b jno 00007F8838F25CC6h 0x00000041 popad 0x00000042 push eax 0x00000043 pushad 0x00000044 jl 00007F8838F25CC8h 0x0000004a push edx 0x0000004b pop edx 0x0000004c pushad 0x0000004d push edx 0x0000004e pop edx 0x0000004f push eax 0x00000050 pop eax 0x00000051 popad 0x00000052 popad 0x00000053 nop 0x00000054 mov cx, 7C77h 0x00000058 call dword ptr [ebp+122D2DFCh] 0x0000005e js 00007F8838F25CF7h 0x00000064 push eax 0x00000065 push edx 0x00000066 jmp 00007F8838F25CD4h 0x0000006b pushad 0x0000006c popad 0x0000006d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91E828 second address: 91E843 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F883902A81Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jp 00007F883902A818h 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91E92F second address: 91E957 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007F8838F25CDAh 0x0000000c jmp 00007F8838F25CD4h 0x00000011 popad 0x00000012 push eax 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91E957 second address: 91E95B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91E95B second address: 91E965 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F8838F25CC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91ED0C second address: 91ED87 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F883902A823h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a add dword ptr [esp], 0161425Ah 0x00000011 push 00000000h 0x00000013 push edi 0x00000014 call 00007F883902A818h 0x00000019 pop edi 0x0000001a mov dword ptr [esp+04h], edi 0x0000001e add dword ptr [esp+04h], 0000001Ch 0x00000026 inc edi 0x00000027 push edi 0x00000028 ret 0x00000029 pop edi 0x0000002a ret 0x0000002b call 00007F883902A819h 0x00000030 ja 00007F883902A81Eh 0x00000036 push eax 0x00000037 jmp 00007F883902A827h 0x0000003c mov eax, dword ptr [esp+04h] 0x00000040 push edi 0x00000041 push eax 0x00000042 push edx 0x00000043 pushad 0x00000044 popad 0x00000045 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91ED87 second address: 91ED96 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 mov eax, dword ptr [eax] 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91ED96 second address: 91ED9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91ED9A second address: 91EDA4 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F8838F25CC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91EE99 second address: 91EE9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91F10D second address: 91F11F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F8838F25CC6h 0x0000000a popad 0x0000000b pop edx 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91F246 second address: 91F24A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91F24A second address: 91F24E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91F6AD second address: 91F6BC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F883902A81Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91F6BC second address: 91F6CB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8838F25CCAh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91F945 second address: 91F949 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91F9BB second address: 91FA1B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 mov ecx, dword ptr [ebp+122D2C39h] 0x0000000f mov edx, dword ptr [ebp+122D2BA3h] 0x00000015 lea eax, dword ptr [ebp+1248E472h] 0x0000001b mov di, si 0x0000001e nop 0x0000001f jmp 00007F8838F25CCBh 0x00000024 push eax 0x00000025 ja 00007F8838F25CD8h 0x0000002b nop 0x0000002c clc 0x0000002d lea eax, dword ptr [ebp+1248E42Eh] 0x00000033 mov ecx, dword ptr [ebp+122D2DBEh] 0x00000039 nop 0x0000003a push eax 0x0000003b push edx 0x0000003c jl 00007F8838F25CCCh 0x00000042 jl 00007F8838F25CC6h 0x00000048 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95E0EB second address: 95E0F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F883902A816h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95E0F7 second address: 95E0FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95E392 second address: 95E3AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 jg 00007F883902A816h 0x0000000d pop ecx 0x0000000e popad 0x0000000f push edx 0x00000010 pushad 0x00000011 jl 00007F883902A816h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95E653 second address: 95E664 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8838F25CCDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95E664 second address: 95E6D0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F883902A823h 0x00000008 jmp 00007F883902A828h 0x0000000d jmp 00007F883902A826h 0x00000012 ja 00007F883902A816h 0x00000018 popad 0x00000019 push edx 0x0000001a jmp 00007F883902A829h 0x0000001f pop edx 0x00000020 pop edx 0x00000021 pop eax 0x00000022 pushad 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95E6D0 second address: 95E6F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F8838F25CC6h 0x0000000a pop edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F8838F25CD9h 0x00000012 push esi 0x00000013 pop esi 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 962A19 second address: 962A22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 962A22 second address: 962A28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 962A28 second address: 962A2C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 962A2C second address: 962A38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 962A38 second address: 962A41 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 964D74 second address: 964D9D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b jc 00007F8838F25CC6h 0x00000011 jmp 00007F8838F25CD7h 0x00000016 popad 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E03EA second address: 8E03EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E03EE second address: 8E03F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 964914 second address: 96491C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 964A8D second address: 964A93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 964A93 second address: 964A98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 964A98 second address: 964AA4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F8838F25CC6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 964AA4 second address: 964AA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 96A662 second address: 96A668 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 96A668 second address: 96A66E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 96A66E second address: 96A6A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007F8838F25CCEh 0x0000000e pop ecx 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 jnp 00007F8838F25CDFh 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 96A6A9 second address: 96A6B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8CC1B9 second address: 8CC1BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8CC1BF second address: 8CC1C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8CC1C3 second address: 8CC1C9 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 96A193 second address: 96A199 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 96A199 second address: 96A1BF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnp 00007F8838F25CC6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push edx 0x0000000e pop edx 0x0000000f push edx 0x00000010 pop edx 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 pushad 0x00000015 jmp 00007F8838F25CCAh 0x0000001a push ebx 0x0000001b pop ebx 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 popad 0x00000021 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 96E738 second address: 96E74A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007F883902A81Ah 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 96E74A second address: 96E74F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 96E8D4 second address: 96E90A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F883902A822h 0x00000007 push esi 0x00000008 push esi 0x00000009 pop esi 0x0000000a push edx 0x0000000b pop edx 0x0000000c pop esi 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 pushad 0x00000011 jmp 00007F883902A824h 0x00000016 pushad 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 96EDF4 second address: 96EE12 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8838F25CCDh 0x00000008 pushad 0x00000009 popad 0x0000000a jnc 00007F8838F25CC6h 0x00000010 push edx 0x00000011 pop edx 0x00000012 popad 0x00000013 push esi 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 96F0BF second address: 96F0D4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F883902A820h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 96F0D4 second address: 96F0DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9723F5 second address: 9723FA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9723FA second address: 972400 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 972598 second address: 9725B9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007F883902A827h 0x0000000e pop esi 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9725B9 second address: 9725C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F8838F25CC6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9725C3 second address: 9725CF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9725CF second address: 9725D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 97270D second address: 97272E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F883902A821h 0x00000009 jmp 00007F883902A81Bh 0x0000000e popad 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 97272E second address: 972733 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 979995 second address: 97999B instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 97A2A1 second address: 97A2CB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8838F25CD1h 0x00000007 jmp 00007F8838F25CD2h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 97A2CB second address: 97A2DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F883902A816h 0x0000000a pushad 0x0000000b popad 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e popad 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 97A2DA second address: 97A2F0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8838F25CD1h 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 97A2F0 second address: 97A2F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 97E0C1 second address: 97E0D3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a js 00007F8838F25CC6h 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 982E56 second address: 982E75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pop edi 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F883902A820h 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 982E75 second address: 982E79 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 982E79 second address: 982E82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 988A18 second address: 988A29 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8838F25CCCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 988B50 second address: 988B90 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c jp 00007F883902A816h 0x00000012 jmp 00007F883902A81Bh 0x00000017 jmp 00007F883902A81Eh 0x0000001c push edi 0x0000001d pop edi 0x0000001e popad 0x0000001f pushad 0x00000020 pushad 0x00000021 popad 0x00000022 push eax 0x00000023 pop eax 0x00000024 jmp 00007F883902A81Ch 0x00000029 popad 0x0000002a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 988B90 second address: 988B95 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 988B95 second address: 988B9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 988B9B second address: 988BB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F8838F25CD5h 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 988BB7 second address: 988BBB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 988E73 second address: 988E79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 988E79 second address: 988EC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 jng 00007F883902A816h 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007F883902A822h 0x00000013 popad 0x00000014 popad 0x00000015 pushad 0x00000016 jmp 00007F883902A81Bh 0x0000001b jg 00007F883902A818h 0x00000021 push eax 0x00000022 push edx 0x00000023 jp 00007F883902A816h 0x00000029 jmp 00007F883902A81Eh 0x0000002e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 988EC5 second address: 988EC9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 98904D second address: 989051 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 989051 second address: 989066 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jne 00007F8838F25CC6h 0x0000000d jbe 00007F8838F25CC6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 989506 second address: 98950A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 98A308 second address: 98A32A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 jmp 00007F8838F25CD9h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 992A82 second address: 992A9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F883902A816h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d pushad 0x0000000e jmp 00007F883902A81Dh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 995377 second address: 995380 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 99520C second address: 995216 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F883902A816h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A5E9E second address: 9A5EA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A5EA4 second address: 9A5EC9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F883902A827h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c pop esi 0x0000000d jnl 00007F883902A816h 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A5937 second address: 9A593F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A593F second address: 9A5960 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F883902A833h 0x00000008 jmp 00007F883902A827h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9AA550 second address: 9AA554 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BA7F3 second address: 9BA82E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F883902A81Fh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jns 00007F883902A816h 0x00000012 jnl 00007F883902A816h 0x00000018 push eax 0x00000019 pop eax 0x0000001a popad 0x0000001b pushad 0x0000001c jmp 00007F883902A823h 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C199D second address: 9C19AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C19AA second address: 9C19BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F883902A81Ah 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C19BA second address: 9C19C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C1E2E second address: 9C1E39 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push edi 0x00000004 pop edi 0x00000005 push edx 0x00000006 pop edx 0x00000007 pop esi 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C20C4 second address: 9C20CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C23B3 second address: 9C23B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C23B9 second address: 9C23D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8838F25CD1h 0x00000009 popad 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d pop edx 0x0000000e pushad 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C2D8D second address: 9C2D91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C2D91 second address: 9C2DA2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8838F25CCDh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C2DA2 second address: 9C2DCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a jmp 00007F883902A825h 0x0000000f push edx 0x00000010 pop edx 0x00000011 pushad 0x00000012 popad 0x00000013 jns 00007F883902A816h 0x00000019 popad 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C5AB2 second address: 9C5ACE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8838F25CD8h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C5ACE second address: 9C5AD2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C5617 second address: 9C5648 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8838F25CD1h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jmp 00007F8838F25CD7h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C5648 second address: 9C564E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E2971 second address: 9E2975 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E2B81 second address: 9E2B93 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F883902A81Eh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E2B93 second address: 9E2B97 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9FB234 second address: 9FB23A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9FB3C6 second address: 9FB3D0 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F8838F25CC6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9FB3D0 second address: 9FB419 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 pushad 0x00000008 popad 0x00000009 push edx 0x0000000a pop edx 0x0000000b pop edi 0x0000000c jmp 00007F883902A81Bh 0x00000011 popad 0x00000012 pushad 0x00000013 jne 00007F883902A82Ah 0x00000019 jmp 00007F883902A81Ah 0x0000001e je 00007F883902A818h 0x00000024 pushad 0x00000025 popad 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9FB419 second address: 9FB41F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9FB41F second address: 9FB423 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9FB9C0 second address: 9FB9E4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F8838F25CD6h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jne 00007F8838F25CC6h 0x00000012 pop eax 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9FB9E4 second address: 9FBA0A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F883902A81Ch 0x00000009 jmp 00007F883902A826h 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9FBA0A second address: 9FBA0E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9FBA0E second address: 9FBA25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007F883902A81Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9FBBA2 second address: 9FBBA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9FBBA6 second address: 9FBBAA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9FBD1A second address: 9FBD2F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F8838F25CCCh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A0016B second address: A00186 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F883902A827h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A00186 second address: A00190 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F8838F25CC6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A0023C second address: A00249 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c pop eax 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A00249 second address: A0024D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A0024D second address: A00253 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A0057B second address: A0057F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A0057F second address: A00589 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F883902A816h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A007DE second address: A00806 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jng 00007F8838F25CDDh 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A00806 second address: A0085B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F883902A81Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push ebx 0x0000000d call 00007F883902A818h 0x00000012 pop ebx 0x00000013 mov dword ptr [esp+04h], ebx 0x00000017 add dword ptr [esp+04h], 00000014h 0x0000001f inc ebx 0x00000020 push ebx 0x00000021 ret 0x00000022 pop ebx 0x00000023 ret 0x00000024 cld 0x00000025 sub edx, dword ptr [ebp+122D2A63h] 0x0000002b push dword ptr [ebp+122D2DA2h] 0x00000031 movsx edx, di 0x00000034 call 00007F883902A819h 0x00000039 push eax 0x0000003a push edx 0x0000003b jne 00007F883902A81Ch 0x00000041 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A0085B second address: A0088F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F8838F25CD7h 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F8838F25CD3h 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A0088F second address: A008AF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F883902A81Ah 0x0000000b popad 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 jg 00007F883902A816h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A008AF second address: A008B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A008B4 second address: A008E0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F883902A822h 0x00000008 push eax 0x00000009 pop eax 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov eax, dword ptr [eax] 0x0000000f pushad 0x00000010 jmp 00007F883902A81Bh 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A008E0 second address: A008E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A008E4 second address: A0090C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e jmp 00007F883902A829h 0x00000013 pop esi 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A0090C second address: A00912 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A00912 second address: A00916 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A00916 second address: A0091A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A0206B second address: A02072 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D11B1 second address: 8D11B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D11B5 second address: 8D11BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D11BB second address: 8D11C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 53D0DD5 second address: 53D0E0A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F883902A827h 0x00000008 push ecx 0x00000009 pop edx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov eax, dword ptr [eax+00000860h] 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F883902A81Ch 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 53D0E0A second address: 53D0E19 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8838F25CCBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 53D0E19 second address: 53D0E59 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F883902A829h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test eax, eax 0x0000000b pushad 0x0000000c mov ax, C9B3h 0x00000010 mov edi, esi 0x00000012 popad 0x00000013 je 00007F88A96D0735h 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F883902A821h 0x00000020 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 53D0E59 second address: 53D0E78 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8838F25CD1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test byte ptr [eax+04h], 00000005h 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 53D0E78 second address: 53D0E7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 53D0E7C second address: 53D0E8F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8838F25CCFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Tries to evade debugger and weak emulator (self modifying code)
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 763B10 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 91E8C3 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDescJump to behavior
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersionJump to behavior
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersionJump to behavior
    Source: C:\Users\user\Desktop\file.exe TID: 1680Thread sleep time: -30000s >= -30000sJump to behavior
    Source: file.exe, file.exe, 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__
    Source: file.exe, 00000000.00000003.2134075813.000000000158E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146237824.000000000151E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
    Source: file.exe, 00000000.00000003.2134075813.000000000156F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.000000000156F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWL
    Source: file.exe, 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
    Source: C:\Users\user\Desktop\file.exeSystem information queried: ModuleInformationJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior

    Anti Debugging

    barindex
    Hides threads from debuggers
    Source: C:\Users\user\Desktop\file.exeThread information set: HideFromDebuggerJump to behavior
    Tries to detect sandboxes and other dynamic analysis tools (window names)
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: regmonclass
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: gbdyllo
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: procmon_window_class
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: ollydbg
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: filemonclass
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeFile opened: NTICE
    Source: C:\Users\user\Desktop\file.exeFile opened: SICE
    Source: C:\Users\user\Desktop\file.exeFile opened: SIWVID
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00745BB0 LdrInitializeThunk,0_2_00745BB0

    HIPS / PFW / Operating System Protection Evasion

    barindex
    LummaC encrypted strings found
    Source: file.exeString found in binary or memory: clearancek.site
    Source: file.exeString found in binary or memory: licendfilteo.site
    Source: file.exeString found in binary or memory: spirittunek.stor
    Source: file.exeString found in binary or memory: bathdoomgaz.stor
    Source: file.exeString found in binary or memory: studennotediw.stor
    Source: file.exeString found in binary or memory: dissapoiznw.stor
    Source: file.exeString found in binary or memory: eaglepawnoy.stor
    Source: file.exeString found in binary or memory: mobbipenju.stor
    Source: file.exe, 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: o`+EhProgram Manager
    Source: file.exe, file.exe, 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: `+EhProgram Manager
    Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

    Stealing of Sensitive Information

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Remote Access Functionality

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
    Command and Scripting Interpreter    		1
    DLL Side-Loading    		1
    Process Injection    		24
    Virtualization/Sandbox Evasion    		OS Credential Dumping631
    Security Software Discovery    		Remote Services1
    Archive Collected Data    		11
    Encrypted Channel    		Exfiltration Over Other Network MediumAbuse Accessibility Features
    CredentialsDomainsDefault Accounts1
    PowerShell    		Boot or Logon Initialization Scripts1
    DLL Side-Loading    		1
    Process Injection    		LSASS Memory24
    Virtualization/Sandbox Evasion    		Remote Desktop ProtocolData from Removable Media1
    Ingress Tool Transfer    		Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)11
    Deobfuscate/Decode Files or Information    		Security Account Manager2
    Process Discovery    		SMB/Windows Admin SharesData from Network Shared Drive2
    Non-Application Layer Protocol    		Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook4
    Obfuscated Files or Information    		NTDS23
    System Information Discovery    		Distributed Component Object ModelInput Capture113
    Application Layer Protocol    		Traffic DuplicationData Destruction
    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script12
    Software Packing    		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
    DLL Side-Loading    		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    file.exe100%AviraTR/Crypt.ZPACK.Gen
    file.exe100%Joe Sandbox ML

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    No Antivirus matches

    Domains

    SourceDetectionScannerLabelLink
    steamcommunity.com0%VirustotalBrowse
    clearancek.site18%VirustotalBrowse
    spirittunek.store22%VirustotalBrowse
    eaglepawnoy.store19%VirustotalBrowse
    dissapoiznw.store22%VirustotalBrowse
    mobbipenju.store22%VirustotalBrowse
    licendfilteo.site16%VirustotalBrowse
    studennotediw.store18%VirustotalBrowse
    bathdoomgaz.store22%VirustotalBrowse

    URLs

    SourceDetectionScannerLabelLink
    https://player.vimeo.com0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&amp;l=english0%URL Reputationsafe
    https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f0%URL Reputationsafe
    https://help.steampowered.com/en/0%URL Reputationsafe
    https://store.steampowered.com/news/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/0%URL Reputationsafe
    https://store.steampowered.com/subscriber_agreement/0%URL Reputationsafe
    https://www.gstatic.cn/recaptcha/0%URL Reputationsafe
    http://store.steampowered.com/subscriber_agreement/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af60%URL Reputationsafe
    https://recaptcha.net/recaptcha/;0%URL Reputationsafe
    http://www.valvesoftware.com/legal.htm0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png0%URL Reputationsafe
    https://store.steampowered.com/stats/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png0%URL Reputationsafe
    https://medal.tv0%URL Reputationsafe
    https://broadcast.st.dl.eccdnx.com0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=10%URL Reputationsafe
    https://store.steampowered.com/steam_refunds/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&amp;0%URL Reputationsafe
    https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL0%URL Reputationsafe
    https://login.steampowered.com/0%URL Reputationsafe
    https://store.steampowered.com/legal/0%URL Reputationsafe
    https://steam.tv/0%URL Reputationsafe
    https://steamcommunity.com/profiles/76561199724331900100%URL Reputationmalware
    https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&amp;l=english0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=engl0%URL Reputationsafe
    http://store.steampowered.com/privacy_agreement/0%URL Reputationsafe
    https://steamcommunity.com:443/profiles/76561199724331900100%URL Reputationmalware
    https://store.steampowered.com/points/shop/0%URL Reputationsafe
    https://recaptcha.net0%URL Reputationsafe
    https://store.steampowered.com/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw0%URL Reputationsafe
    https://lv.queniujq.cn0%URL Reputationsafe
    https://store.steampowered.com/privacy_agreement/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&amp;l=en0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt00%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=9620160%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&amp;l=english0%URL Reputationsafe
    https://checkout.steampowered.com/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;l=english0%URL Reputationsafe
    https://help.steampowered.com/0%URL Reputationsafe
    https://api.steampowered.com/0%URL Reputationsafe
    http://store.steampowered.com/account/cookiepreferences/0%URL Reputationsafe
    https://store.steampowered.com/mobile0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC0%URL Reputationsafe
    https://store.steampowered.com/;0%URL Reputationsafe
    https://store.steampowered.com/about/0%URL Reputationsafe
    https://steamcommunity.com/market/0%VirustotalBrowse
    https://steamcommunity.com/my/wishlist/0%VirustotalBrowse
    https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp0%VirustotalBrowse
    https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org0%VirustotalBrowse
    https://www.youtube.com0%VirustotalBrowse
    https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/0%VirustotalBrowse
    https://steamcommunity.com/?subsection=broadcasts0%VirustotalBrowse
    https://steamcommunity.com/discussions/0%VirustotalBrowse
    bathdoomgaz.store22%VirustotalBrowse
    https://steamcommunity.com/login/home/?goto=profiles%2F765611997243319000%VirustotalBrowse
    https://community.akamai.steamstatic.com/public/css/skin_1/fatalerror.css?v=wctRWaBvNt2z&amp;l=engli0%VirustotalBrowse
    studennotediw.store18%VirustotalBrowse
    https://www.google.com0%VirustotalBrowse
    https://clearancek.site:443/api20%VirustotalBrowse
    https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=hgPi0%VirustotalBrowse
    clearancek.site18%VirustotalBrowse
    https://steamcommunity.com/workshop/0%VirustotalBrowse
    dissapoiznw.store22%VirustotalBrowse
    https://licendfilteo.site:443/api20%VirustotalBrowse
    licendfilteo.site16%VirustotalBrowse
    spirittunek.store22%VirustotalBrowse
    http://127.0.0.1:270600%VirustotalBrowse
    eaglepawnoy.store19%VirustotalBrowse
    https://www.youtube.com/0%VirustotalBrowse
    mobbipenju.store22%VirustotalBrowse
    https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=bz0kMfQA0%VirustotalBrowse
    https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=2Ih2WOq7ErXY&a0%VirustotalBrowse
    https://steamcommunity.com0%VirustotalBrowse
    https://www.google.com/recaptcha/0%VirustotalBrowse
    https://sketchfab.com0%VirustotalBrowse

    Domains and IPs

    Contacted Domains

    NameIPActiveMaliciousAntivirus DetectionReputation
    steamcommunity.com
    		104.102.49.254
    		truetrueunknown
    eaglepawnoy.store
    		unknown
    		unknowntrueunknown
    bathdoomgaz.store
    		unknown
    		unknowntrueunknown
    spirittunek.store
    		unknown
    		unknowntrueunknown
    licendfilteo.site
    		unknown
    		unknowntrueunknown
    studennotediw.store
    		unknown
    		unknowntrueunknown
    mobbipenju.store
    		unknown
    		unknowntrueunknown
    clearancek.site
    		unknown
    		unknowntrueunknown
    dissapoiznw.store
    		unknown
    		unknowntrueunknown

    Contacted URLs

    NameMaliciousAntivirus DetectionReputation
    bathdoomgaz.storetrueunknown
    studennotediw.storetrueunknown
    clearancek.sitetrueunknown
    dissapoiznw.storetrueunknown
    https://steamcommunity.com/profiles/76561199724331900true
    • URL Reputation: malware
    		unknown
    spirittunek.storetrueunknown
    licendfilteo.sitetrueunknown
    eaglepawnoy.storetrueunknown
    mobbipenju.storetrueunknown

    URLs from Memory and Binaries

    NameSourceMaliciousAntivirus DetectionReputation
    https://steamcommunity.com/my/wishlist/file.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015D7000.00000004.00000020.00020000.00000000.sdmpfalseunknown
    https://player.vimeo.comfile.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&amp;l=englishfile.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015DC000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&ampfile.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015DC000.00000004.00000020.00020000.00000000.sdmpfalseunknown
    https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5ffile.exe, 00000000.00000003.2134075813.000000000158E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://steamcommunity.com/?subsection=broadcastsfile.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmpfalseunknown
    https://help.steampowered.com/en/file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/file.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpfalseunknown
    https://steamcommunity.com/market/file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmpfalseunknown
    https://store.steampowered.com/news/file.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015D7000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://community.akamai.steamstatic.com/file.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://store.steampowered.com/subscriber_agreement/file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://www.gstatic.cn/recaptcha/file.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    http://store.steampowered.com/subscriber_agreement/file.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.00000000015D8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134075813.0000000001555000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.0000000001555000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015D7000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgfile.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.00000000015D8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134075813.0000000001555000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.0000000001555000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015D7000.00000004.00000020.00020000.00000000.sdmpfalseunknown
    https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6file.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.00000000015D8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134075813.0000000001555000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.0000000001555000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015D7000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://recaptcha.net/recaptcha/;file.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    http://www.valvesoftware.com/legal.htmfile.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://steamcommunity.com/discussions/file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmpfalseunknown
    https://www.youtube.comfile.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpfalseunknown
    https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngfile.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://www.google.comfile.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpfalseunknown
    https://community.akamai.steamstatic.com/public/css/skin_1/fatalerror.css?v=wctRWaBvNt2z&amp;l=englifile.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015DC000.00000004.00000020.00020000.00000000.sdmpfalseunknown
    https://store.steampowered.com/stats/file.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015D7000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.pngfile.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://medal.tvfile.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://broadcast.st.dl.eccdnx.comfile.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1file.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.00000000015D8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134075813.0000000001555000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.0000000001555000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015D7000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://store.steampowered.com/steam_refunds/file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&amp;file.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015DC000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedbackfile.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.00000000015D8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134075813.0000000001555000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.0000000001555000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015D7000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015D7000.00000004.00000020.00020000.00000000.sdmpfalseunknown
    https://clearancek.site:443/apifile.exe, 00000000.00000003.2134075813.000000000158E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmptrueunknown
    https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tLfile.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015DC000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=hgPifile.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.00000000015D8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134075813.0000000001555000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.0000000001555000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015D7000.00000004.00000020.00020000.00000000.sdmpfalseunknown
    https://s.ytimg.com;file.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpfalse
      		unknown
      https://steamcommunity.com/workshop/file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmpfalseunknown
      https://login.steampowered.com/file.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpfalse
      • URL Reputation: safe
      		unknown
      https://store.steampowered.com/legal/file.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.00000000015D8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134075813.0000000001555000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.0000000001555000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015D7000.00000004.00000020.00020000.00000000.sdmpfalse
      • URL Reputation: safe
      		unknown
      https://steam.tv/file.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpfalse
      • URL Reputation: safe
      		unknown
      https://licendfilteo.site:443/apifile.exe, 00000000.00000003.2134075813.000000000158E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmptrueunknown
      https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&amp;l=englishfile.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015DC000.00000004.00000020.00020000.00000000.sdmpfalse
      • URL Reputation: safe
      		unknown
      https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvfile.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015D7000.00000004.00000020.00020000.00000000.sdmpfalse
      • URL Reputation: safe
      		unknown
      https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=englfile.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015DC000.00000004.00000020.00020000.00000000.sdmpfalse
      • URL Reputation: safe
      		unknown
      http://store.steampowered.com/privacy_agreement/file.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.00000000015D8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134075813.0000000001555000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.0000000001555000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015D7000.00000004.00000020.00020000.00000000.sdmpfalse
      • URL Reputation: safe
      		unknown
      https://steamcommunity.com:443/profiles/76561199724331900file.exe, 00000000.00000003.2134075813.000000000158E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmptrue
      • URL Reputation: malware
      		unknown
      https://store.steampowered.com/points/shop/file.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015D7000.00000004.00000020.00020000.00000000.sdmpfalse
      • URL Reputation: safe
      		unknown
      https://recaptcha.netfile.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpfalse
      • URL Reputation: safe
      		unknown
      https://store.steampowered.com/file.exe, 00000000.00000003.2134213165.00000000015D7000.00000004.00000020.00020000.00000000.sdmpfalse
      • URL Reputation: safe
      		unknown
      https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvwfile.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015DC000.00000004.00000020.00020000.00000000.sdmpfalse
      • URL Reputation: safe
      		unknown
      https://steamcommunity.comfile.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.00000000015D8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134075813.0000000001555000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.0000000001555000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015D7000.00000004.00000020.00020000.00000000.sdmpfalseunknown
      https://sketchfab.comfile.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpfalseunknown
      https://lv.queniujq.cnfile.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpfalse
      • URL Reputation: safe
      		unknown
      https://www.youtube.com/file.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpfalseunknown
      http://127.0.0.1:27060file.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpfalseunknown
      https://store.steampowered.com/privacy_agreement/file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmpfalse
      • URL Reputation: safe
      		unknown
      https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&amp;l=enfile.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015DC000.00000004.00000020.00020000.00000000.sdmpfalse
      • URL Reputation: safe
      		unknown
      https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0file.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015DC000.00000004.00000020.00020000.00000000.sdmpfalse
      • URL Reputation: safe
      		unknown
      https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=2Ih2WOq7ErXY&afile.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.00000000015D8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134075813.0000000001555000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.0000000001555000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015D7000.00000004.00000020.00020000.00000000.sdmpfalseunknown
      https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmpfalse
      • URL Reputation: safe
      		unknown
      https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&amfile.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015DC000.00000004.00000020.00020000.00000000.sdmpfalse
      • URL Reputation: safe
      		unknown
      https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=bz0kMfQAfile.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.00000000015D8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134075813.0000000001555000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.0000000001555000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015D7000.00000004.00000020.00020000.00000000.sdmpfalseunknown
      https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&amp;l=englishfile.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015DC000.00000004.00000020.00020000.00000000.sdmpfalse
      • URL Reputation: safe
      		unknown
      https://www.google.com/recaptcha/file.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpfalseunknown
      https://checkout.steampowered.com/file.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpfalse
      • URL Reputation: safe
      		unknown
      https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;l=englishfile.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015DC000.00000004.00000020.00020000.00000000.sdmpfalse
      • URL Reputation: safe
      		unknown
      https://help.steampowered.com/file.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpfalse
      • URL Reputation: safe
      		unknown
      https://api.steampowered.com/file.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpfalse
      • URL Reputation: safe
      		unknown
      http://store.steampowered.com/account/cookiepreferences/file.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.00000000015D8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134075813.0000000001555000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.0000000001555000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015D7000.00000004.00000020.00020000.00000000.sdmpfalse
      • URL Reputation: safe
      		unknown
      https://store.steampowered.com/mobilefile.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmpfalse
      • URL Reputation: safe
      		unknown
      https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.pngfile.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmpfalse
      • URL Reputation: safe
      		unknown
      https://steamcommunity.com/file.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.000000000156F000.00000004.00000020.00020000.00000000.sdmpfalse
        		unknown
        https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhCfile.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134213165.00000000015DC000.00000004.00000020.00020000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        https://store.steampowered.com/;file.exe, 00000000.00000003.2134075813.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134075813.000000000158E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2146332739.000000000158E000.00000004.00000020.00020000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        https://store.steampowered.com/about/file.exe, 00000000.00000003.2134042815.00000000015DD000.00000004.00000020.00020000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown

        World Map of Contacted IPs

        • No. of IPs < 25%
        • 25% < No. of IPs < 50%
        • 50% < No. of IPs < 75%
        • 75% < No. of IPs

        Public IPs

        IPDomainCountryFlagASNASN NameMalicious
        104.102.49.254
        		steamcommunity.comUnited States
        		16625AKAMAI-ASUStrue

        General Information

        Joe Sandbox version:41.0.0 Charoite
        Analysis ID:1532110
        Start date and time:2024-10-12 12:13:11 +02:00
        Joe Sandbox product:CloudBasic
        Overall analysis duration:0h 2m 56s
        Hypervisor based Inspection enabled:false
        Report type:full
        Cookbook file name:default.jbs
        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
        Number of analysed new started processes analysed:2
        Number of new started drivers analysed:0
        Number of existing processes analysed:0
        Number of existing drivers analysed:0
        Number of injected processes analysed:0
        Technologies:
        • HCA enabled
        • EGA enabled
        • AMSI enabled
        Analysis Mode:default
        Analysis stop reason:Timeout
        Sample name:file.exe
        Detection:MAL
        Classification:mal100.troj.evad.winEXE@1/0@9/1
        EGA Information:
        • Successful, ratio: 100%
        HCA Information:Failed
        Cookbook Comments:
        • Found application associated with file extension: .exe
        • Stop behavior analysis, all processes terminated

        Warnings

        • Exclude process from analysis (whitelisted): dllhost.exe
        • Report size getting too big, too many NtOpenKeyEx calls found.
        • Report size getting too big, too many NtQueryValueKey calls found.

        Simulations

        Behavior and APIs

        TimeTypeDescription
        06:14:11API Interceptor3x Sleep call for process: file.exe modified

        Joe Sandbox View / Context

        IPs

        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
        104.102.49.254http://gtm-cn-j4g3qqvf603.steamproxy1.com/Get hashmaliciousUnknownBrowse
        • www.valvesoftware.com/legal.htm

        Domains

        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
        steamcommunity.comSecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeGet hashmaliciousLummaCBrowse
        • 104.102.49.254
        file.exeGet hashmaliciousLummaCBrowse
        • 104.102.49.254
        file.exeGet hashmaliciousLummaCBrowse
        • 104.102.49.254
        file.exeGet hashmaliciousLummaCBrowse
        • 104.102.49.254
        mWcDQrv9bb.exeGet hashmaliciousLummaCBrowse
        • 104.102.49.254
        oUbgeGwOL8.exeGet hashmaliciousLummaC, Amadey, StealcBrowse
        • 104.102.49.254
        UuQADITfTr.exeGet hashmaliciousLummaCBrowse
        • 104.102.49.254
        NDJBSLalTk.exeGet hashmaliciousLummaCBrowse
        • 104.102.49.254
        tlFLXwAslF.exeGet hashmaliciousLummaCBrowse
        • 104.102.49.254
        oOJUkmV24a.exeGet hashmaliciousLummaCBrowse
        • 104.102.49.254

        ASNs

        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
        AKAMAI-ASUSSecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeGet hashmaliciousLummaCBrowse
        • 104.102.49.254
        file.exeGet hashmaliciousLummaCBrowse
        • 104.102.49.254
        file.exeGet hashmaliciousLummaCBrowse
        • 104.102.49.254
        file.exeGet hashmaliciousLummaCBrowse
        • 104.102.49.254
        mWcDQrv9bb.exeGet hashmaliciousLummaCBrowse
        • 104.102.49.254
        oUbgeGwOL8.exeGet hashmaliciousLummaC, Amadey, StealcBrowse
        • 104.102.49.254
        UuQADITfTr.exeGet hashmaliciousLummaCBrowse
        • 104.102.49.254
        NDJBSLalTk.exeGet hashmaliciousLummaCBrowse
        • 104.102.49.254
        tlFLXwAslF.exeGet hashmaliciousLummaCBrowse
        • 104.102.49.254
        oOJUkmV24a.exeGet hashmaliciousLummaCBrowse
        • 104.102.49.254

        JA3 Fingerprints

        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
        a0e9f5d64349fb13191bc781f81f42e1SecuriteInfo.com.Win32.CrypterX-gen.869.7164.exeGet hashmaliciousLummaCBrowse
        • 104.102.49.254
        file.exeGet hashmaliciousLummaCBrowse
        • 104.102.49.254
        file.exeGet hashmaliciousLummaCBrowse
        • 104.102.49.254
        file.exeGet hashmaliciousLummaCBrowse
        • 104.102.49.254
        mWcDQrv9bb.exeGet hashmaliciousLummaCBrowse
        • 104.102.49.254
        oUbgeGwOL8.exeGet hashmaliciousLummaC, Amadey, StealcBrowse
        • 104.102.49.254
        UuQADITfTr.exeGet hashmaliciousLummaCBrowse
        • 104.102.49.254
        NDJBSLalTk.exeGet hashmaliciousLummaCBrowse
        • 104.102.49.254
        tlFLXwAslF.exeGet hashmaliciousLummaCBrowse
        • 104.102.49.254
        oOJUkmV24a.exeGet hashmaliciousLummaCBrowse
        • 104.102.49.254

        Dropped Files

        No context

        Created / dropped Files

        No created / dropped files found

        Static File Info

        General

        File type:PE32 executable (GUI) Intel 80386, for MS Windows
        Entropy (8bit):7.948690110594896
        TrID:
        • Win32 Executable (generic) a (10002005/4) 99.96%
        • Generic Win/DOS Executable (2004/3) 0.02%
        • DOS Executable Generic (2002/1) 0.02%
        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
        File name:file.exe
        File size:1'862'144 bytes
        MD5:afb9dcc0aa332a544a4d456ca69c5756
        SHA1:647b534700b635e25fcd686815dce09d60a9c373
        SHA256:8a13c6e39dc4ca5a2368efd2d0a9fdad9f08898836aa6dca215913038819e0d1
        SHA512:5bc5344670cbf8f65c56bd19c51e92208c331c34863352bd31703e0cd75229fb15cdd22374a801c570ea5ef1fca2334f39186644aa40943b6c1f5c1c9827ae16
        SSDEEP:49152:vuxOEj4tzhR2yWn1DaUMC4e0TLsbC6nBDQrGNT+fop:NEj4tzGunRMT6rGi4
        TLSH:528533160EE65560D103F6BF8353987EAFC98132D14876AC796BB32181934C7EB426BF
        File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...J..f..............................J...........@...........................J...........@.................................W...k..

        File Icon

        Icon Hash:00928e8e8686b000

        Static PE Info

        General

        Entrypoint:0x8ac000
        Entrypoint Section:.taggant
        Digitally signed:false
        Imagebase:0x400000
        Subsystem:windows gui
        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
        DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
        Time Stamp:0x66FFF14A [Fri Oct 4 13:44:42 2024 UTC]
        TLS Callbacks:
        CLR (.Net) Version:
        OS Version Major:6
        OS Version Minor:0
        File Version Major:6
        File Version Minor:0
        Subsystem Version Major:6
        Subsystem Version Minor:0
        Import Hash:2eabe9054cad5152567f0699947a2c5b

        Entrypoint Preview

        Instruction
        jmp 00007F883868216Ah
        cmovs ebx, dword ptr [eax+eax]
        add byte ptr [eax], al
        add byte ptr [eax], al
        jmp 00007F8838684165h
        add byte ptr [ecx], al
        or al, byte ptr [eax]
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], dh
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        or byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [ecx], al
        or al, byte ptr [eax]
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], cl
        add byte ptr [eax], 00000000h
        add byte ptr [eax], al
        add byte ptr [eax], al
        adc byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        add byte ptr [eax], al
        pop es
        or al, byte ptr [eax]
        add byte ptr [eax], al
        add byte ptr [eax], al

        Data Directories

        NameVirtual AddressVirtual Size Is in Section
        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
        IMAGE_DIRECTORY_ENTRY_IMPORT0x5f0570x6b.idata
        IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
        IMAGE_DIRECTORY_ENTRY_BASERELOC0x5f1f80x8.idata
        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
        IMAGE_DIRECTORY_ENTRY_IAT0x00x0
        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

        Sections

        NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
        0x10000x5d0000x25e006d24a6b0b4b7fcbeb16508db328e0423False0.999445647689769data7.973807730176552IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
        .rsrc 0x5e0000x10000x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
        .idata 0x5f0000x10000x200fe72def8b74193a84232a780098a7ce0False0.150390625data1.04205214219471IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
        0x600000x2ad0000x2006b78133921a498d2329a6211f14bbb36unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
        oducqxss0x30d0000x19e0000x19d2008da09dd4670e3c94b1f8280f26980b25False0.9945223855900152data7.954456060103932IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
        cqaljucb0x4ab0000x10000x4002305d495cfcdc6894f973839c338ef05False0.7529296875data5.980739270125146IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
        .taggant0x4ac0000x30000x22009b5085409fe1ffe517ac7265b7c7c9dfFalse0.06192555147058824DOS executable (COM)0.7790913842777717IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

        Imports

        DLLImport
        kernel32.dlllstrcpy

        Network Behavior

        Suricata IDS Alerts

        TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
        2024-10-12T12:14:12.306621+02002056471ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)1192.168.2.5613821.1.1.153UDP
        2024-10-12T12:14:12.396507+02002056485ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)1192.168.2.5594031.1.1.153UDP
        2024-10-12T12:14:12.410776+02002056483ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)1192.168.2.5577631.1.1.153UDP
        2024-10-12T12:14:12.437331+02002056481ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)1192.168.2.5606581.1.1.153UDP
        2024-10-12T12:14:12.449901+02002056479ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)1192.168.2.5553491.1.1.153UDP
        2024-10-12T12:14:12.461269+02002056477ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)1192.168.2.5580131.1.1.153UDP
        2024-10-12T12:14:12.473303+02002056475ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)1192.168.2.5506351.1.1.153UDP
        2024-10-12T12:14:12.484942+02002056473ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)1192.168.2.5505631.1.1.153UDP
        2024-10-12T12:14:13.742474+02002858666ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup1192.168.2.549704104.102.49.254443TCP

        Network Port Distribution

        TCP Packets

        TimestampSource PortDest PortSource IPDest IP
        Oct 12, 2024 12:14:12.509133101 CEST49704443192.168.2.5104.102.49.254
        Oct 12, 2024 12:14:12.509179115 CEST44349704104.102.49.254192.168.2.5
        Oct 12, 2024 12:14:12.509248972 CEST49704443192.168.2.5104.102.49.254
        Oct 12, 2024 12:14:12.510217905 CEST49704443192.168.2.5104.102.49.254
        Oct 12, 2024 12:14:12.510238886 CEST44349704104.102.49.254192.168.2.5
        Oct 12, 2024 12:14:13.223131895 CEST44349704104.102.49.254192.168.2.5
        Oct 12, 2024 12:14:13.223221064 CEST49704443192.168.2.5104.102.49.254
        Oct 12, 2024 12:14:13.234725952 CEST49704443192.168.2.5104.102.49.254
        Oct 12, 2024 12:14:13.234752893 CEST44349704104.102.49.254192.168.2.5
        Oct 12, 2024 12:14:13.235136032 CEST44349704104.102.49.254192.168.2.5
        Oct 12, 2024 12:14:13.274743080 CEST49704443192.168.2.5104.102.49.254
        Oct 12, 2024 12:14:13.319431067 CEST44349704104.102.49.254192.168.2.5
        Oct 12, 2024 12:14:13.742474079 CEST44349704104.102.49.254192.168.2.5
        Oct 12, 2024 12:14:13.742506981 CEST44349704104.102.49.254192.168.2.5
        Oct 12, 2024 12:14:13.742562056 CEST49704443192.168.2.5104.102.49.254
        Oct 12, 2024 12:14:13.742574930 CEST44349704104.102.49.254192.168.2.5
        Oct 12, 2024 12:14:13.742623091 CEST44349704104.102.49.254192.168.2.5
        Oct 12, 2024 12:14:13.742660999 CEST44349704104.102.49.254192.168.2.5
        Oct 12, 2024 12:14:13.742675066 CEST44349704104.102.49.254192.168.2.5
        Oct 12, 2024 12:14:13.742687941 CEST49704443192.168.2.5104.102.49.254
        Oct 12, 2024 12:14:13.742687941 CEST49704443192.168.2.5104.102.49.254
        Oct 12, 2024 12:14:13.742687941 CEST49704443192.168.2.5104.102.49.254
        Oct 12, 2024 12:14:13.742708921 CEST49704443192.168.2.5104.102.49.254
        Oct 12, 2024 12:14:13.742708921 CEST49704443192.168.2.5104.102.49.254
        Oct 12, 2024 12:14:13.859601021 CEST44349704104.102.49.254192.168.2.5
        Oct 12, 2024 12:14:13.859694004 CEST44349704104.102.49.254192.168.2.5
        Oct 12, 2024 12:14:13.859708071 CEST49704443192.168.2.5104.102.49.254
        Oct 12, 2024 12:14:13.859740973 CEST44349704104.102.49.254192.168.2.5
        Oct 12, 2024 12:14:13.859755993 CEST44349704104.102.49.254192.168.2.5
        Oct 12, 2024 12:14:13.859782934 CEST49704443192.168.2.5104.102.49.254
        Oct 12, 2024 12:14:13.859803915 CEST49704443192.168.2.5104.102.49.254
        Oct 12, 2024 12:14:13.860522032 CEST49704443192.168.2.5104.102.49.254
        Oct 12, 2024 12:14:13.860546112 CEST44349704104.102.49.254192.168.2.5
        Oct 12, 2024 12:14:13.860559940 CEST49704443192.168.2.5104.102.49.254
        Oct 12, 2024 12:14:13.860568047 CEST44349704104.102.49.254192.168.2.5

        UDP Packets

        TimestampSource PortDest PortSource IPDest IP
        Oct 12, 2024 12:14:12.306621075 CEST6138253192.168.2.51.1.1.1
        Oct 12, 2024 12:14:12.325516939 CEST53613821.1.1.1192.168.2.5
        Oct 12, 2024 12:14:12.396507025 CEST5940353192.168.2.51.1.1.1
        Oct 12, 2024 12:14:12.409749985 CEST53594031.1.1.1192.168.2.5
        Oct 12, 2024 12:14:12.410775900 CEST5776353192.168.2.51.1.1.1
        Oct 12, 2024 12:14:12.431457996 CEST53577631.1.1.1192.168.2.5
        Oct 12, 2024 12:14:12.437330961 CEST6065853192.168.2.51.1.1.1
        Oct 12, 2024 12:14:12.446768045 CEST53606581.1.1.1192.168.2.5
        Oct 12, 2024 12:14:12.449901104 CEST5534953192.168.2.51.1.1.1
        Oct 12, 2024 12:14:12.460329056 CEST53553491.1.1.1192.168.2.5
        Oct 12, 2024 12:14:12.461268902 CEST5801353192.168.2.51.1.1.1
        Oct 12, 2024 12:14:12.470676899 CEST53580131.1.1.1192.168.2.5
        Oct 12, 2024 12:14:12.473303080 CEST5063553192.168.2.51.1.1.1
        Oct 12, 2024 12:14:12.482712984 CEST53506351.1.1.1192.168.2.5
        Oct 12, 2024 12:14:12.484941959 CEST5056353192.168.2.51.1.1.1
        Oct 12, 2024 12:14:12.493748903 CEST53505631.1.1.1192.168.2.5
        Oct 12, 2024 12:14:12.497385979 CEST5983253192.168.2.51.1.1.1
        Oct 12, 2024 12:14:12.504630089 CEST53598321.1.1.1192.168.2.5

        DNS Queries

        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
        Oct 12, 2024 12:14:12.306621075 CEST192.168.2.51.1.1.10x673bStandard query (0)clearancek.siteA (IP address)IN (0x0001)false
        Oct 12, 2024 12:14:12.396507025 CEST192.168.2.51.1.1.10x7468Standard query (0)mobbipenju.storeA (IP address)IN (0x0001)false
        Oct 12, 2024 12:14:12.410775900 CEST192.168.2.51.1.1.10xcaaeStandard query (0)eaglepawnoy.storeA (IP address)IN (0x0001)false
        Oct 12, 2024 12:14:12.437330961 CEST192.168.2.51.1.1.10x8a82Standard query (0)dissapoiznw.storeA (IP address)IN (0x0001)false
        Oct 12, 2024 12:14:12.449901104 CEST192.168.2.51.1.1.10x8ca6Standard query (0)studennotediw.storeA (IP address)IN (0x0001)false
        Oct 12, 2024 12:14:12.461268902 CEST192.168.2.51.1.1.10xcb35Standard query (0)bathdoomgaz.storeA (IP address)IN (0x0001)false
        Oct 12, 2024 12:14:12.473303080 CEST192.168.2.51.1.1.10xdcdStandard query (0)spirittunek.storeA (IP address)IN (0x0001)false
        Oct 12, 2024 12:14:12.484941959 CEST192.168.2.51.1.1.10x8c53Standard query (0)licendfilteo.siteA (IP address)IN (0x0001)false
        Oct 12, 2024 12:14:12.497385979 CEST192.168.2.51.1.1.10x944bStandard query (0)steamcommunity.comA (IP address)IN (0x0001)false

        DNS Answers

        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
        Oct 12, 2024 12:14:12.325516939 CEST1.1.1.1192.168.2.50x673bName error (3)clearancek.sitenonenoneA (IP address)IN (0x0001)false
        Oct 12, 2024 12:14:12.409749985 CEST1.1.1.1192.168.2.50x7468Name error (3)mobbipenju.storenonenoneA (IP address)IN (0x0001)false
        Oct 12, 2024 12:14:12.431457996 CEST1.1.1.1192.168.2.50xcaaeName error (3)eaglepawnoy.storenonenoneA (IP address)IN (0x0001)false
        Oct 12, 2024 12:14:12.446768045 CEST1.1.1.1192.168.2.50x8a82Name error (3)dissapoiznw.storenonenoneA (IP address)IN (0x0001)false
        Oct 12, 2024 12:14:12.460329056 CEST1.1.1.1192.168.2.50x8ca6Name error (3)studennotediw.storenonenoneA (IP address)IN (0x0001)false
        Oct 12, 2024 12:14:12.470676899 CEST1.1.1.1192.168.2.50xcb35Name error (3)bathdoomgaz.storenonenoneA (IP address)IN (0x0001)false
        Oct 12, 2024 12:14:12.482712984 CEST1.1.1.1192.168.2.50xdcdName error (3)spirittunek.storenonenoneA (IP address)IN (0x0001)false
        Oct 12, 2024 12:14:12.493748903 CEST1.1.1.1192.168.2.50x8c53Name error (3)licendfilteo.sitenonenoneA (IP address)IN (0x0001)false
        Oct 12, 2024 12:14:12.504630089 CEST1.1.1.1192.168.2.50x944bNo error (0)steamcommunity.com104.102.49.254A (IP address)IN (0x0001)false

        HTTP Request Dependency Graph

        • steamcommunity.com

        HTTPS Proxied Packets

        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
        0192.168.2.549704104.102.49.2544436200C:\Users\user\Desktop\file.exe
        TimestampBytes transferredDirectionData
        2024-10-12 10:14:13 UTC219OUTGET /profiles/76561199724331900 HTTP/1.1
        Connection: Keep-Alive
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
        Host: steamcommunity.com
        2024-10-12 10:14:13 UTC1870INHTTP/1.1 200 OK
        Server: nginx
        Content-Type: text/html; charset=UTF-8
        Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
        Expires: Mon, 26 Jul 1997 05:00:00 GMT
        Cache-Control: no-cache
        Date: Sat, 12 Oct 2024 10:14:13 GMT
        Content-Length: 25489
        Connection: close
        Set-Cookie: sessionid=650a455735d5c6fc789ae610; Path=/; Secure; SameSite=None
        Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
        2024-10-12 10:14:13 UTC14514INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c
        Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
        2024-10-12 10:14:13 UTC10975INData Raw: 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 5f 6d 65 6e 75 5f 69 74 65 6d 20 74 69 67 68 74 22 20 68 72 65 66 3d 22 3f 6c 3d 74 68 61 69 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 74 68 61 69 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e e0 b9 84 e0 b8 97 e0 b8 a2 20 28 54 68 61 69 29 3c 2f 61 3e 0d 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 5f 6d 65 6e 75 5f 69 74 65 6d 20 74 69 67 68 74 22 20 68 72 65 66 3d 22 3f 6c 3d 62 75 6c 67 61 72 69 61 6e 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 62 75 6c 67 61 72 69 61 6e 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61
        Data Ascii: <a class="popup_menu_item tight" href="?l=thai" onclick="ChangeLanguage( 'thai' ); return false;"> (Thai)</a><a class="popup_menu_item tight" href="?l=bulgarian" onclick="ChangeLanguage( 'bulgarian' ); return fa


        Statistics

        CPU Usage

        Click to jump to process

        Memory Usage

        Click to jump to process

        High Level Behavior Distribution

        Click to dive into process behavior distribution

        System Behavior

        General

        Target ID:0
        Start time:06:14:09
        Start date:12/10/2024
        Path:C:\Users\user\Desktop\file.exe
        Wow64 process (32bit):true
        Commandline:"C:\Users\user\Desktop\file.exe"
        Imagebase:0x700000
        File size:1'862'144 bytes
        MD5 hash:AFB9DCC0AA332A544A4D456CA69C5756
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:low
        Has exited:true

        Disassembly

        Reset < >

          Execution Graph

          Execution Coverage:0.8%
          Dynamic/Decrypted Code Coverage:0%
          Signature Coverage:71.4%
          Total number of Nodes:42
          Total number of Limit Nodes:4
          execution_graph 21165 70d110 21166 70d119 21165->21166 21167 70d2ee ExitProcess 21166->21167 21168 70d2e9 21166->21168 21171 710b40 FreeLibrary 21166->21171 21172 7456e0 FreeLibrary 21168->21172 21171->21168 21172->21167 21178 7499d0 21179 7499f5 21178->21179 21180 749a5f 21179->21180 21184 745bb0 LdrInitializeThunk 21179->21184 21182 749b0e 21180->21182 21185 745bb0 LdrInitializeThunk 21180->21185 21184->21180 21185->21182 21186 70edb5 21188 70edd0 21186->21188 21190 70fca0 21188->21190 21191 70fcdc 21190->21191 21192 70ef70 21191->21192 21194 743220 21191->21194 21195 743236 21194->21195 21196 7432a2 RtlFreeHeap 21194->21196 21197 7432ac 21194->21197 21195->21196 21196->21197 21197->21192 21221 743202 RtlAllocateHeap 21222 73d9cb 21223 73d9fb 21222->21223 21225 73da65 21223->21225 21226 745bb0 LdrInitializeThunk 21223->21226 21226->21223 21198 71049b 21202 710227 21198->21202 21199 710455 21201 745700 2 API calls 21199->21201 21203 710308 21201->21203 21202->21199 21202->21203 21204 745700 21202->21204 21205 745797 21204->21205 21206 74571b 21204->21206 21208 74578c 21204->21208 21210 745729 21204->21210 21209 743220 RtlFreeHeap 21205->21209 21206->21205 21206->21208 21206->21210 21207 745776 RtlReAllocateHeap 21207->21208 21208->21199 21209->21208 21210->21207 21211 7464b8 21213 7463f2 21211->21213 21212 74646e 21213->21212 21215 745bb0 LdrInitializeThunk 21213->21215 21215->21212

          Executed Functions

          Function 0070FCA0 Relevance: 5.4, Strings: 4, Instructions: 373COMMON
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 25 70fca0-70fcda 26 70fd0b-70fe22 25->26 27 70fcdc-70fcdf 25->27 29 70fe24 26->29 30 70fe5b-70fe8c 26->30 28 70fce0-70fd09 call 712690 27->28 28->26 32 70fe30-70fe59 call 712760 29->32 33 70feb6-70fec5 call 710b50 30->33 34 70fe8e-70fe8f 30->34 32->30 41 70feca-70fecf 33->41 37 70fe90-70feb4 call 712700 34->37 37->33 42 70ffe4-70ffe6 41->42 43 70fed5-70fef8 41->43 47 7101b1-7101bb 42->47 45 70fefa 43->45 46 70ff2b-70ff2d 43->46 48 70ff00-70ff29 call 7127e0 45->48 49 70ff30-70ff3a 46->49 48->46 51 70ff41-70ff49 49->51 52 70ff3c-70ff3f 49->52 54 7101a2-7101ad call 743220 51->54 55 70ff4f-70ff76 51->55 52->49 52->51 54->47 57 70ff78 55->57 58 70ffab-70ffb5 55->58 60 70ff80-70ffa9 call 712840 57->60 61 70ffb7-70ffbb 58->61 62 70ffeb 58->62 60->58 63 70ffc7-70ffcb 61->63 64 70ffed-70ffef 62->64 66 70ffd1-70ffd8 63->66 67 71019a 63->67 64->67 68 70fff5-71002c 64->68 70 70ffda-70ffdc 66->70 71 70ffde 66->71 67->54 72 71005b-710065 68->72 73 71002e-71002f 68->73 70->71 74 70ffc0-70ffc5 71->74 75 70ffe0-70ffe2 71->75 77 7100a4 72->77 78 710067-71006f 72->78 76 710030-710059 call 7128a0 73->76 74->63 74->64 75->74 76->72 80 7100a6-7100a8 77->80 79 710087-71008b 78->79 79->67 82 710091-710098 79->82 80->67 83 7100ae-7100c5 80->83 85 71009a-71009c 82->85 86 71009e 82->86 87 7100c7 83->87 88 7100fb-710102 83->88 85->86 89 710080-710085 86->89 90 7100a0-7100a2 86->90 91 7100d0-7100f9 call 712900 87->91 92 710130-71013c 88->92 93 710104-71010d 88->93 89->79 89->80 90->89 91->88 94 7101c2-7101c7 92->94 96 710117-71011b 93->96 94->54 96->67 97 71011d-710124 96->97 99 710126-710128 97->99 100 71012a 97->100 99->100 101 710110-710115 100->101 102 71012c-71012e 100->102 101->96 103 710141-710143 101->103 102->101 103->67 104 710145-71015b 103->104 104->94 105 71015d-71015f 104->105 106 710163-710166 105->106 107 710168-710188 call 712030 106->107 108 7101bc 106->108 111 710192-710198 107->111 112 71018a-710190 107->112 108->94 111->94 112->106 112->111
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: J|BJ$V$VY^_$t
          • API String ID: 0-3701112211
          • Opcode ID: 12ee37716864218208c9f7a4c5f6c04dffbc1d9a68e349fa187e2eaaf65feab0
          • Instruction ID: 99aa000d2280f56b4ded7690d636748c783ba792ac5ce258762d3f185ed3875e
          • Opcode Fuzzy Hash: 12ee37716864218208c9f7a4c5f6c04dffbc1d9a68e349fa187e2eaaf65feab0
          • Instruction Fuzzy Hash: 59D19C7450C3809BD320DF18C49469FBBE1AB96B44F14492CF4C98B292D379DD89EBD2
          Function 0070D110 Relevance: 1.7, APIs: 1, Instructions: 168COMMON
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 149 70d110-70d11b call 744cc0 152 70d121-70d130 call 73c8d0 149->152 153 70d2ee-70d2f6 ExitProcess 149->153 157 70d136-70d15f 152->157 158 70d2e9 call 7456e0 152->158 162 70d161 157->162 163 70d196-70d1bf 157->163 158->153 164 70d170-70d194 call 70d300 162->164 165 70d1c1 163->165 166 70d1f6-70d20c 163->166 164->163 170 70d1d0-70d1f4 call 70d370 165->170 167 70d239-70d23b 166->167 168 70d20e-70d20f 166->168 172 70d286-70d2aa 167->172 173 70d23d-70d25a 167->173 171 70d210-70d237 call 70d3e0 168->171 170->166 171->167 178 70d2d6 call 70e8f0 172->178 179 70d2ac-70d2af 172->179 173->172 177 70d25c-70d25f 173->177 183 70d260-70d284 call 70d440 177->183 185 70d2db-70d2dd 178->185 184 70d2b0-70d2d4 call 70d490 179->184 183->172 184->178 185->158 188 70d2df-70d2e4 call 712f10 call 710b40 185->188 188->158
          APIs
          • ExitProcess.KERNEL32(00000000), ref: 0070D2F1
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID: ExitProcess
          • String ID:
          • API String ID: 621844428-0
          • Opcode ID: 48c96c6010db2243192b9993822a3f1f90f554ba84b27842a3a404fe45c4fffb
          • Instruction ID: 6615d5cdbc653a8b7ba805f87209f6c52497517690e66bb2f8ee453c0f29ebad
          • Opcode Fuzzy Hash: 48c96c6010db2243192b9993822a3f1f90f554ba84b27842a3a404fe45c4fffb
          • Instruction Fuzzy Hash: 8541337050D380EBC321ABA8D588A2EFBF5AF56704F148E0CE5C497292D33ADC508B67
          Function 00745700 Relevance: 1.6, APIs: 1, Instructions: 69memoryCOMMON
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 194 745700-745714 195 745797-7457a5 call 743220 194->195 196 7457b0 194->196 197 7457b2 194->197 198 74578c-745795 call 7431a0 194->198 199 745729-74574a 194->199 200 74571b-745722 194->200 195->196 196->197 205 7457b4-7457b9 197->205 198->205 201 745776-74578a RtlReAllocateHeap 199->201 202 74574c-74574f 199->202 200->195 200->196 200->197 200->199 201->205 206 745750-745774 call 745b30 202->206 206->201
          APIs
          • RtlReAllocateHeap.NTDLL(?,00000000,?,?), ref: 00745784
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID: AllocateHeap
          • String ID:
          • API String ID: 1279760036-0
          • Opcode ID: 9dcce2d07838e7bda584952ad0408053a90c1f3bd9f1b82070db6c7cf1d82a67
          • Instruction ID: ddb53a7f0bdeff558562ee060fd6969b06c938ee4ba1b1e36e954b9e5a6ad27f
          • Opcode Fuzzy Hash: 9dcce2d07838e7bda584952ad0408053a90c1f3bd9f1b82070db6c7cf1d82a67
          • Instruction Fuzzy Hash: 8711A07191C240EBC302AF28E844A1BBBF5EF96711F05882CE4C49B222D339D810CB97
          Function 00745BB0 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 221 745bb0-745be2 LdrInitializeThunk
          APIs
          • LdrInitializeThunk.NTDLL(0074973D,005C003F,00000006,?,?,00000018,8C8D8A8B,?,?), ref: 00745BDE
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID: InitializeThunk
          • String ID:
          • API String ID: 2994545307-0
          • Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
          • Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
          • Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
          • Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82
          Function 0074695B Relevance: 1.4, Strings: 1, Instructions: 100COMMON
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 250 74695b-74696b call 744a20 253 746981-746a02 250->253 254 74696d 250->254 256 746a04 253->256 257 746a36-746a42 253->257 255 746970-74697f 254->255 255->253 255->255 260 746a10-746a34 call 7473e0 256->260 258 746a44-746a4f 257->258 259 746a85-746a9f 257->259 261 746a50-746a57 258->261 260->257 263 746a60-746a66 261->263 264 746a59-746a5c 261->264 263->259 267 746a68-746a7d call 745bb0 263->267 264->261 266 746a5e 264->266 266->259 269 746a82 267->269 269->259
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: @
          • API String ID: 0-2766056989
          • Opcode ID: b6e508aa2e463f15c220b45342fbe2c6ec14b5c3667ebcf41e28b06da5fdd1ce
          • Instruction ID: 61970f517c1ce08a2ee79521fc8dba82d8f1fba23d291dbe2453ce7db7e87a36
          • Opcode Fuzzy Hash: b6e508aa2e463f15c220b45342fbe2c6ec14b5c3667ebcf41e28b06da5fdd1ce
          • Instruction Fuzzy Hash: 1C31A8B16183019FD718DF14C8A072AB7F1FF8A345F08881CE5C6A72A1E7799904CB56
          Function 0071049B Relevance: .3, Instructions: 264COMMON
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 270 71049b-710515 call 70c9f0 274 710311-710332 270->274 275 710370-71037e 270->275 276 7103d0-7103d7 270->276 277 710393-710397 270->277 278 710472-710477 270->278 279 710417-710430 270->279 280 710356 270->280 281 710339-71034f 270->281 282 71045b-710469 call 745700 270->282 283 7103fb-710414 270->283 284 71051c-71051e 270->284 285 71035f-710367 270->285 286 7103be 270->286 287 7103de-7103e3 270->287 288 710440-710458 call 745700 270->288 289 710480 270->289 290 710242-710244 270->290 291 710482-710484 270->291 292 710227-71023b 270->292 293 710246-710260 270->293 294 710386-71038c 270->294 295 710308-71030c 270->295 296 7103ec-7103f4 270->296 274->275 274->276 274->277 274->278 274->279 274->280 274->281 274->282 274->283 274->285 274->286 274->287 274->288 274->289 274->291 274->294 274->296 275->294 276->277 276->278 276->279 276->283 276->287 276->289 276->291 276->294 276->296 304 7103a0-7103b7 277->304 278->289 279->288 280->285 281->275 281->276 281->277 281->278 281->279 281->280 281->282 281->283 281->285 281->286 281->287 281->288 281->289 281->291 281->294 281->296 282->278 283->279 297 710520-710b30 284->297 285->275 286->276 287->296 288->282 298 710296-7102bd 290->298 302 71048d-710496 291->302 292->274 292->275 292->276 292->277 292->278 292->279 292->280 292->281 292->282 292->283 292->285 292->286 292->287 292->288 292->289 292->290 292->291 292->293 292->294 292->295 292->296 299 710262 293->299 300 710294 293->300 294->277 294->278 294->289 294->291 295->302 296->277 296->278 296->283 296->289 296->291 306 7102ea-710301 298->306 307 7102bf 298->307 305 710270-710292 call 712eb0 299->305 300->298 302->297 304->276 304->277 304->278 304->279 304->282 304->283 304->286 304->287 304->288 304->289 304->291 304->294 304->296 305->300 306->274 306->275 306->276 306->277 306->278 306->279 306->280 306->281 306->282 306->283 306->285 306->286 306->287 306->288 306->289 306->291 306->294 306->295 306->296 317 7102c0-7102e8 call 712e70 307->317 317->306
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: eafb7468fb24abf7471af7a84476cae1d5e37d765eca2b273062770aede802f6
          • Instruction ID: 94acd728c91280873c0e8dde37994b3eb00bbd71371c5e63cbe7480f3841c245
          • Opcode Fuzzy Hash: eafb7468fb24abf7471af7a84476cae1d5e37d765eca2b273062770aede802f6
          • Instruction Fuzzy Hash: 0291AD75200B00CFD724CF25D894A27B7F6FF8A314B118A6DE8568BAA1D778F855CB90
          Function 00710228 Relevance: .2, Instructions: 218COMMON
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 324 710228-71023b 325 710311-710332 324->325 326 710370-71037e 324->326 327 7103d0-7103d7 324->327 328 710393-710397 324->328 329 710472-710477 324->329 330 710417-710430 324->330 331 710356 324->331 332 710339-71034f 324->332 333 71045b-710469 call 745700 324->333 334 7103fb-710414 324->334 335 71035f-710367 324->335 336 7103be 324->336 337 7103de-7103e3 324->337 338 710440-710458 call 745700 324->338 339 710480 324->339 340 710242-710244 324->340 341 710482-710484 324->341 342 710246-710260 324->342 343 710386-71038c 324->343 344 710308-71030c 324->344 345 7103ec-7103f4 324->345 325->326 325->327 325->328 325->329 325->330 325->331 325->332 325->333 325->334 325->335 325->336 325->337 325->338 325->339 325->341 325->343 325->345 326->343 327->328 327->329 327->330 327->334 327->337 327->339 327->341 327->343 327->345 352 7103a0-7103b7 328->352 329->339 330->338 331->335 332->326 332->327 332->328 332->329 332->330 332->331 332->333 332->334 332->335 332->336 332->337 332->338 332->339 332->341 332->343 332->345 333->329 334->330 335->326 336->327 337->345 338->333 346 710296-7102bd 340->346 350 71048d-710b30 341->350 347 710262 342->347 348 710294 342->348 343->328 343->329 343->339 343->341 344->350 345->328 345->329 345->334 345->339 345->341 354 7102ea-710301 346->354 355 7102bf 346->355 353 710270-710292 call 712eb0 347->353 348->346 352->327 352->328 352->329 352->330 352->333 352->334 352->336 352->337 352->338 352->339 352->341 352->343 352->345 353->348 354->325 354->326 354->327 354->328 354->329 354->330 354->331 354->332 354->333 354->334 354->335 354->336 354->337 354->338 354->339 354->341 354->343 354->344 354->345 364 7102c0-7102e8 call 712e70 355->364 364->354
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 48a7d985b251b18f7c5e02adb1dd223a004ce4841b518c852e08c18d8bea48e6
          • Instruction ID: 77285f10371cd831dda1cbd298463a0c057a479d319e3ceb52f47fcabd92d53b
          • Opcode Fuzzy Hash: 48a7d985b251b18f7c5e02adb1dd223a004ce4841b518c852e08c18d8bea48e6
          • Instruction Fuzzy Hash: C6719A38200700DFD7248F24EC94B26B7F6FF8A305F10C969E8568B6A2D779E855CB64
          Function 007499D0 Relevance: .1, Instructions: 143COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d6225afb45e691c54ae3f5096eeec5d3e3a45ff919063b44b764adce3c8ff73e
          • Instruction ID: 7d2f31fca308b8de484cf536e81ddf6b9f1bcf26353f6483eddd86adea1aa68e
          • Opcode Fuzzy Hash: d6225afb45e691c54ae3f5096eeec5d3e3a45ff919063b44b764adce3c8ff73e
          • Instruction Fuzzy Hash: A441CE74248300ABD714DF15E894B2BF7E6EB89714F14C82CF68A97252D339EC01CB66
          Function 007463B8 Relevance: .1, Instructions: 99COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID: InitializeThunk
          • String ID:
          • API String ID: 2994545307-0
          • Opcode ID: fc6f878f7e2171ad690a789d7b32f8ce6eb4bd8df5ca2e9e389518f0e97ff0fe
          • Instruction ID: 45e981f4f2d196e239a93989d71776b33e98d9335d9eba33ba74f89711ffa952
          • Opcode Fuzzy Hash: fc6f878f7e2171ad690a789d7b32f8ce6eb4bd8df5ca2e9e389518f0e97ff0fe
          • Instruction Fuzzy Hash: 1B31E670649341BBDA24DB08CD81F3AB7A5FB86B55F64890CF181572E1D378B811CB56
          Function 00710EEC Relevance: .1, Instructions: 72COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 768d58a9b2a1e736956ab2585164fc7b5b878fc7d0a22ea639404d65dbc35273
          • Instruction ID: 0eafe63360c82b13615d7ef45b8e5f15060129e2badcf7923f10812a23c2e558
          • Opcode Fuzzy Hash: 768d58a9b2a1e736956ab2585164fc7b5b878fc7d0a22ea639404d65dbc35273
          • Instruction Fuzzy Hash: 9A213CB490021ADFDB15CF94CC91BBEBBB5FF46304F144809E811BB292C775A951CBA4
          Function 00743220 Relevance: 1.6, APIs: 1, Instructions: 59memoryCOMMON
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 211 743220-74322f 212 743236-743252 211->212 213 7432a0 211->213 214 7432a2-7432a6 RtlFreeHeap 211->214 215 7432ac-7432b0 211->215 216 743254 212->216 217 743286-743296 212->217 213->214 214->215 218 743260-743284 call 745af0 216->218 217->213 218->217
          APIs
          • RtlFreeHeap.NTDLL(?,00000000), ref: 007432A6
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID: FreeHeap
          • String ID:
          • API String ID: 3298025750-0
          • Opcode ID: 9a0d8d8b1b95583a0fc673e8f4251ca8134e63ec67e5fb3b9957abd4dfcf5bce
          • Instruction ID: ec9af21384d8613dedb55898985dbed2bc99f5ed545bb50b43707e5ed0164211
          • Opcode Fuzzy Hash: 9a0d8d8b1b95583a0fc673e8f4251ca8134e63ec67e5fb3b9957abd4dfcf5bce
          • Instruction Fuzzy Hash: F7014B3490D3409BD711AB18E849A1ABBE8EF4A701F058D1CE5C98B361D379DD60CB96
          Function 00743202 Relevance: 1.5, APIs: 1, Instructions: 6memoryCOMMON
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 222 743202-743211 RtlAllocateHeap
          APIs
          • RtlAllocateHeap.NTDLL(?,00000000), ref: 00743208
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID: AllocateHeap
          • String ID:
          • API String ID: 1279760036-0
          • Opcode ID: b372c8edb3e907a24454ad9c5749de3e6efb02d292695dd2d2304a2cb38a489e
          • Instruction ID: e9485163e68e6272cdd7f460cbb1fb33ac2a537e1062507f006f4201afd70cb8
          • Opcode Fuzzy Hash: b372c8edb3e907a24454ad9c5749de3e6efb02d292695dd2d2304a2cb38a489e
          • Instruction Fuzzy Hash: 98B012300401005FDA241B00EC0AF003510EB00706F800050A100040B1D1E55C64C559

          Non-executed Functions

          Function 0071DB6F Relevance: 32.0, Strings: 24, Instructions: 2006COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID: InitializeThunk
          • String ID: %*+($()./$89&'$89>?$:WUE$<=2$<=:;$@ONM$AR$D$DCBA$LKJI$QNOL$T$WP$`Y^_$`onm$dcba$lkji$mjkh$tsrq$tuJK$xgfe$|
          • API String ID: 2994545307-1418943773
          • Opcode ID: 0df79ef616216985a4ff9d2da37139d6f902e996523a3dfc0b74d1497560ad12
          • Instruction ID: 2601f2f28381b2096deadcd0f8b134b13262dfcecc47c575f4e1b1850ffd025a
          • Opcode Fuzzy Hash: 0df79ef616216985a4ff9d2da37139d6f902e996523a3dfc0b74d1497560ad12
          • Instruction Fuzzy Hash: 7CF27AB05093819BD770CF18C894BEBBBE6BFD5304F14482CE8C987292D7799985CB92
          Function 007323E0 Relevance: 31.3, APIs: 4, Strings: 12, Instructions: 3298COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: %*+($3<$:$Cx$`tii$aenQ$f@~!$fedc$ggxz$mlc@${l`~$|}&C
          • API String ID: 0-786070067
          • Opcode ID: f375cb7f1def35ab01f2ee5e89969afb75aa27048789739ce41cfd4aa3b4d5f5
          • Instruction ID: 12f32fb4b730b4007f472432ae098217d826c49874b792a68594b19ab66a0753
          • Opcode Fuzzy Hash: f375cb7f1def35ab01f2ee5e89969afb75aa27048789739ce41cfd4aa3b4d5f5
          • Instruction Fuzzy Hash: 24338B70504B81CBE7258F38C590762BBE1BF16304F58899DE4DA9BA93C739F906CB61
          Function 00729F62 Relevance: 21.7, Strings: 17, Instructions: 473COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: %e6g$(a*c$=]$?m,o$CG$Gt$JG$N[$WH$]{$hi$kW$/)$S]$WQ$_Y$sm
          • API String ID: 0-1131134755
          • Opcode ID: 999080e815c7d43f3adadbae36d2d0be222dc3d7b0cbe1d65922bef11946112c
          • Instruction ID: d7855096a5427bbd206294ca33c2e922ea49b13f055b57731ee1ce203a0cc59a
          • Opcode Fuzzy Hash: 999080e815c7d43f3adadbae36d2d0be222dc3d7b0cbe1d65922bef11946112c
          • Instruction Fuzzy Hash: 2952C6B404D385CAE270CF25D581B8EBAF1BB92740F608A1DE1ED9B255DBB48045CF93
          Function 00729510 Relevance: 20.4, Strings: 16, Instructions: 427COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: !E4G$,A&C$2A"_$8;$;IJK$?M0K$B7U1$B?Q9$G'M!$G+X5$L3Y=$O+f)$T#a-$X/R)$pq$z=Q?
          • API String ID: 0-655414846
          • Opcode ID: 735015d9fa4ec850f7851966b363a7496786f22f4fcae9972b99f7723b88fefc
          • Instruction ID: 6aabd66239444611c5a868d963831c40848221d626ef7ed203199831604403f6
          • Opcode Fuzzy Hash: 735015d9fa4ec850f7851966b363a7496786f22f4fcae9972b99f7723b88fefc
          • Instruction Fuzzy Hash: DDF12FB4508380ABD310DF15E881A2BBBF4FB86B44F584E1CF5D59B252D378D908CBA6
          Function 0072DD29 Relevance: 18.6, Strings: 14, Instructions: 1142COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: r$%*+($)IgK$,Q?S$-M2O$<Y.[$=]+_$Y9N;$hX]N$n\+H$rr$upH}${E$r
          • API String ID: 0-591219886
          • Opcode ID: 6ba581b30ddb809ad46b76a23d1eb7a5735680de7120e42e9a6da28acd8111b4
          • Instruction ID: 17735950bd530296692fce8a2502bddd54d3757b9f7c49da546745cc9b220035
          • Opcode Fuzzy Hash: 6ba581b30ddb809ad46b76a23d1eb7a5735680de7120e42e9a6da28acd8111b4
          • Instruction Fuzzy Hash: F892F5B1E00215CFDB14CF68D8517AEBBB2FF49311F298268E456AB391D779AD01CB90
          Function 008DB8AB Relevance: 11.6, Strings: 8, Instructions: 1648COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: ,"|m$0-v+$5Ku?$VKwu$k9U$V~w$6;$6;
          • API String ID: 0-4129387627
          • Opcode ID: 29f50c3dc412b195c24291be1de15373399f0868044b8299044839ce5fcfa7e9
          • Instruction ID: c1edaf249d1cdd623ba0788ae248cdd16f6bb5a18556e44075e41f1dae3804e6
          • Opcode Fuzzy Hash: 29f50c3dc412b195c24291be1de15373399f0868044b8299044839ce5fcfa7e9
          • Instruction Fuzzy Hash: 24B20AF360C204AFE3046E2DEC4566BBBE6EFD4720F1A853DE6C487744EA3598058697
          Function 0072098B Relevance: 10.8, Strings: 8, Instructions: 836COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: %*+($&> &$,#15$9.5^$cah`$gce/$qrqp${
          • API String ID: 0-4102007303
          • Opcode ID: f8c0d1dd69b1150643a32783b88c5c5f1e4b84152c769a6799ed8cfce0b95b1d
          • Instruction ID: a26156788cf393eca72d867732fe58eb20ad5f83d75e132cfd516d38a7c31ee4
          • Opcode Fuzzy Hash: f8c0d1dd69b1150643a32783b88c5c5f1e4b84152c769a6799ed8cfce0b95b1d
          • Instruction Fuzzy Hash: 39629DB1608391CBD730DF14D895B9BB7E1FF96314F04492DE49A8B682E3799940CB93
          Function 00701000 Relevance: 10.5, Strings: 7, Instructions: 1785COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$@$gfff$gfff$gfff
          • API String ID: 0-2517803157
          • Opcode ID: 26ef63e75cfa35ea59abcff98dbf4f124969a32f71979f2a70e7d9034abdc74e
          • Instruction ID: 98f1e3b2aea0a774481054d94fa355415e7aed96f9302896f8ed8ec775e586a2
          • Opcode Fuzzy Hash: 26ef63e75cfa35ea59abcff98dbf4f124969a32f71979f2a70e7d9034abdc74e
          • Instruction Fuzzy Hash: 62D2C472608351CFD718CE28C49436ABBE2AFD9314F18872DE595873D2D778D946CB82
          Function 008D9DA7 Relevance: 10.4, Strings: 7, Instructions: 1643COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: !:&>$'7wk$(W?S$O{$T5_'$l|~${v
          • API String ID: 0-4149193433
          • Opcode ID: 0df56634c0bd9664ff793414502f3779702bc4d6748ce678985b014f2f5dbc82
          • Instruction ID: 81c12ade82b8b10290355bacdfcf38ea5a9ecb0a8ce56196f996df42dfa73e39
          • Opcode Fuzzy Hash: 0df56634c0bd9664ff793414502f3779702bc4d6748ce678985b014f2f5dbc82
          • Instruction Fuzzy Hash: 02B2E9F35082049FE304AE2DEC8567AF7E9EF94720F1A893DEAC4C7744E63598058697
          Function 008CFB9A Relevance: 10.4, Strings: 7, Instructions: 1638COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: S~]g$\|~k$bS'n$lZ$m+g$n3]$go
          • API String ID: 0-193907323
          • Opcode ID: 1ea8842aa48adcdbea84eba426f8930225ce41497b6892e6709d239815d1d11b
          • Instruction ID: f052ac6a6701d9f3cae9316ad7bed7d75c8d729c8e65264252bbef426b7df296
          • Opcode Fuzzy Hash: 1ea8842aa48adcdbea84eba426f8930225ce41497b6892e6709d239815d1d11b
          • Instruction Fuzzy Hash: 8CB21AF36086049FE304AE2DEC8567AB7E9EFD4720F1A8A3DE6C5C3744E93558058693
          Function 008E2333 Relevance: 9.1, Strings: 6, Instructions: 1630COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: 3{M$Bp_}$euz$gWyg$i6=$y^
          • API String ID: 0-1803318768
          • Opcode ID: c468ef368dfdae33b7cf19dbae3105f5f8679048e2e427ba4900f12dd17134fa
          • Instruction ID: 57eae16990f60e37bf083e498067194efdea5edeb381a351cb6fe5e1ca990481
          • Opcode Fuzzy Hash: c468ef368dfdae33b7cf19dbae3105f5f8679048e2e427ba4900f12dd17134fa
          • Instruction Fuzzy Hash: FDB2F5F360C2049FE3046E29EC8577AFBE9EF94720F16493DEAC4C7744EA7598018696
          Function 008CE10E Relevance: 9.1, Strings: 6, Instructions: 1621COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: 4V$L{$X&U$e{y$d:$7m
          • API String ID: 0-50629797
          • Opcode ID: dd83728cab562a1126f2be40347410697e5d99b2b615a4c5b5f771b57545473a
          • Instruction ID: dc6915d6604d98db80d8c5022de80de994eba4ed7ad4cb5a0ec09530bb15f541
          • Opcode Fuzzy Hash: dd83728cab562a1126f2be40347410697e5d99b2b615a4c5b5f771b57545473a
          • Instruction Fuzzy Hash: 4CB218F3A0C2009FE3046E2DEC8577ABBE9EF94720F1A463DE6C5C7744E63598058696
          Function 008D4CEC Relevance: 9.1, Strings: 6, Instructions: 1612COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: 3P>$?y4j$EZ\$]T5w$a/'Z$wO~{
          • API String ID: 0-921840834
          • Opcode ID: 96cd464255f5312000dcf380539db353f665a6282527b04fe581f4c0428a57fb
          • Instruction ID: fb1bd4939f2b6ce0e0acf2bb5903db1bea111585fb72c0c2e17ad849d3a97b9b
          • Opcode Fuzzy Hash: 96cd464255f5312000dcf380539db353f665a6282527b04fe581f4c0428a57fb
          • Instruction Fuzzy Hash: F4B229F360C204AFE3046E2DEC8567ABBE9EFD4720F1A893DE6C4C3744E67598058656
          Function 008D3232 Relevance: 9.1, Strings: 6, Instructions: 1572COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: +lo<$.f=$Ap}$Ap}$^t?$b ]w
          • API String ID: 0-1220114248
          • Opcode ID: 48a07ef034c6700d820d02ff9bd0eccd1e9bc58f3cd7f16bb38797c7a99896d3
          • Instruction ID: 5a4eb6b5535dd3fd14d103ccb1371ab0f11cc183a9a98c7d3763a3947667d42c
          • Opcode Fuzzy Hash: 48a07ef034c6700d820d02ff9bd0eccd1e9bc58f3cd7f16bb38797c7a99896d3
          • Instruction Fuzzy Hash: A7B2F6F360C6009FE304AE29EC8567AFBE5EF94720F1A893DEAC487744E63558418797
          Function 008E0941 Relevance: 9.1, Strings: 6, Instructions: 1553COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: +}u$Apm$RTnw$WBoz$`_.$b1[
          • API String ID: 0-2650765142
          • Opcode ID: 112a289141d0d6342a2939e83ff1a2af3f1008265685d762315962765a91827c
          • Instruction ID: 47f168af818d49b520a63451eb7c1fc9f8fa23ec35f60b9bb1782d788cabca39
          • Opcode Fuzzy Hash: 112a289141d0d6342a2939e83ff1a2af3f1008265685d762315962765a91827c
          • Instruction Fuzzy Hash: BBB2E4F360C2049FE304AE29EC8567AFBE9EF94720F16493DEAC4C3744EA3558458697
          Function 007012F7 Relevance: 7.2, Strings: 5, Instructions: 922COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: 0$0$0$@$i
          • API String ID: 0-3124195287
          • Opcode ID: fa9cfe9f9a08c0d9d8c25dacb40fb1640eb8bc4faaca0f286d64729eb69b3feb
          • Instruction ID: 6ffb97ac94cea191577fa3a5bf42cf37761899763d6e2e1056ece21aab63a9d6
          • Opcode Fuzzy Hash: fa9cfe9f9a08c0d9d8c25dacb40fb1640eb8bc4faaca0f286d64729eb69b3feb
          • Instruction Fuzzy Hash: C162B37260C381CBD319CF28C49476ABBE1AFD5304F188A5DE8D9872D2D778D94ACB42
          Function 0070164F Relevance: 6.7, Strings: 5, Instructions: 472COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: +$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
          • API String ID: 0-1123320326
          • Opcode ID: 54f00ae5212635cef4343bf9f4793a09ac8b1ace224a5c04a676659c52be0cd7
          • Instruction ID: a5d7f01737f64bb6ede7ebbebc46c1257a312d95495ddb50537c9da6d8962177
          • Opcode Fuzzy Hash: 54f00ae5212635cef4343bf9f4793a09ac8b1ace224a5c04a676659c52be0cd7
          • Instruction Fuzzy Hash: 8CF1907160C381CFC715CE28C48426AFBE2AFD9304F588A6DE4D987392D778D949CB92
          Function 007013A3 Relevance: 6.6, Strings: 5, Instructions: 390COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
          • API String ID: 0-3620105454
          • Opcode ID: 57ca7003dd3c99ffe1ccab055d745aa33acef632030c683c00c5001731b1a281
          • Instruction ID: b0d67de0e0bde1d36e4cd25c07da92e91eb08214230c8241288371255e40de0d
          • Opcode Fuzzy Hash: 57ca7003dd3c99ffe1ccab055d745aa33acef632030c683c00c5001731b1a281
          • Instruction Fuzzy Hash: 6BD1907160C7818FC715CE29C48426AFBE2AFD9304F08CA6EE4D987396D638D949CB52
          Function 008DEDC9 Relevance: 6.6, Strings: 4, Instructions: 1631COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: Co{>$`f~_$w1$N_
          • API String ID: 0-2220874313
          • Opcode ID: ec768a91975fe9526fbd3d9e6805b7d0e5bdeb24536d8ba81a9459601380d674
          • Instruction ID: ad9ba38b5dead1d8da9467ac98cdd62fc25a792ee9ac0597046e713c75bfb833
          • Opcode Fuzzy Hash: ec768a91975fe9526fbd3d9e6805b7d0e5bdeb24536d8ba81a9459601380d674
          • Instruction Fuzzy Hash: D8B2F6F360C2049FE304AE69EC8577ABBE5EF94720F16893DEAC4C7744E63598018697
          Function 008DD3B9 Relevance: 6.6, Strings: 4, Instructions: 1576COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: $BS?$/'/7$AF+l$q37y
          • API String ID: 0-1516391773
          • Opcode ID: e2891a04aa8106444ed3febdec002581c611577a7c88817cb4c35fcdbaf730a6
          • Instruction ID: 3b1b08dedaa50abe1a8571310def3e9fbad7ab79358965a84b4ae32006591af8
          • Opcode Fuzzy Hash: e2891a04aa8106444ed3febdec002581c611577a7c88817cb4c35fcdbaf730a6
          • Instruction Fuzzy Hash: EEB2D5F360C204AFE3146E2DEC8567AFBE9EF94720F16493DEAC483744EA3558058697
          Function 008D6D6E Relevance: 6.2, Strings: 4, Instructions: 1181COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: :OO$BN}$T7u$`U>
          • API String ID: 0-3217271391
          • Opcode ID: 63d7dadb8d698219d6410f458d25b5f60161663e18932491fa7502cb3cb0b17b
          • Instruction ID: 78b1fbaeeb3bf715307199c270900ba0d89d669316bc56fea0d859e3187dc854
          • Opcode Fuzzy Hash: 63d7dadb8d698219d6410f458d25b5f60161663e18932491fa7502cb3cb0b17b
          • Instruction Fuzzy Hash: D472F9F3A0C2049FE704AE2DEC4567ABBEAEFD4720F16853DE5C5C3344EA3598058696
          Function 0072FD10 Relevance: 5.7, Strings: 4, Instructions: 667COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: :$NA_I$m1s3$uvw
          • API String ID: 0-3973114637
          • Opcode ID: fcd367200d9692415b212cf31874452ab03ce8dd7dc4103ef778c86685569f38
          • Instruction ID: 08d2296038fb8293cdd0d538c94d615a1726e9def6e0c8ebd21983aacc63d43a
          • Opcode Fuzzy Hash: fcd367200d9692415b212cf31874452ab03ce8dd7dc4103ef778c86685569f38
          • Instruction Fuzzy Hash: 5F32ACB0508380DFE311DF28D890B2BBBE5AB89301F548A6CF5D58B292D379D915CF96
          Function 00713BE2 Relevance: 5.4, Strings: 4, Instructions: 431COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: %*+($;z$p$ss
          • API String ID: 0-2391135358
          • Opcode ID: 93ac2da7c37ada2ce24d529478a50e56435bf4c79656489a5a5e52b72192c4fb
          • Instruction ID: bf114424b3eac6f4b9062ffd34e398a4646f76dadea0ff3ae47cbb7a4331b00a
          • Opcode Fuzzy Hash: 93ac2da7c37ada2ce24d529478a50e56435bf4c79656489a5a5e52b72192c4fb
          • Instruction Fuzzy Hash: 04027EB4810B00DFD760DF28D986756BFF4FB06300F50895DE89A8B686E335E459CBA2
          Function 00722260 Relevance: 5.4, Strings: 4, Instructions: 383COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: a|$hu$lc$sj
          • API String ID: 0-3748788050
          • Opcode ID: cfeec438c2f2b5615f5d3c9002303b45abc50c906a5755c85ad3c4e7e1956f00
          • Instruction ID: 8b7873651754488d56507d3cc36e1d770f19ae5736b498701dc454c776535a4c
          • Opcode Fuzzy Hash: cfeec438c2f2b5615f5d3c9002303b45abc50c906a5755c85ad3c4e7e1956f00
          • Instruction Fuzzy Hash: 2FA1AD70408350DBC720DF18D891A2BB7F0FF95354F148A0CE8D59B2A2E339D952CB96
          Function 008CC64E Relevance: 5.4, Strings: 3, Instructions: 1626COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: <jv6$t4,$Fg/
          • API String ID: 0-437895771
          • Opcode ID: 0ad051c81d8591cd19eb2b233709cc620738bf7c4d6744865f03dc8090dc7e86
          • Instruction ID: 430a76c6ae6946bae14622abf377d490e89dc2a780e80e6ae5ba490634ee06ae
          • Opcode Fuzzy Hash: 0ad051c81d8591cd19eb2b233709cc620738bf7c4d6744865f03dc8090dc7e86
          • Instruction Fuzzy Hash: 63B2F7F3A0C2049FE304AE29EC8566AFBE5EF94720F1A493DE6C5D3744E63598018797
          Function 008D1694 Relevance: 5.4, Strings: 3, Instructions: 1624COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: gF{u$v%7n$v_w
          • API String ID: 0-3946476954
          • Opcode ID: 71f0399d38992a7c56857c4c809779145bab2048ae59943813a3025166c52e9f
          • Instruction ID: b432a3e4b4aa1b0b47b391cd586058345a070f7e11e09dd28c798ab119700fef
          • Opcode Fuzzy Hash: 71f0399d38992a7c56857c4c809779145bab2048ae59943813a3025166c52e9f
          • Instruction Fuzzy Hash: 38B209F3A08210AFE304AE2DDC8567AFBE9EF94720F1A493DE6C4C3744E57598058796
          Function 008C9165 Relevance: 5.3, Strings: 3, Instructions: 1584COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: %E:T$|4\=$,7
          • API String ID: 0-578559212
          • Opcode ID: f0411745f4abc4d9ad2b71e635061d4f5cefd2b8e97c0f1a71ab15febb903b63
          • Instruction ID: 5956924cb448c3532cee6c7c83f8a456c485fa5f87dfad0922767e51653051f6
          • Opcode Fuzzy Hash: f0411745f4abc4d9ad2b71e635061d4f5cefd2b8e97c0f1a71ab15febb903b63
          • Instruction Fuzzy Hash: 68B229F3A082109FE3046E29EC8567AFBE9EFD4720F1A853DEAC4C7744E63558058697
          Function 0072D7AF Relevance: 5.2, Strings: 4, Instructions: 213COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: #'$CV$KV$T>
          • API String ID: 0-95592268
          • Opcode ID: 2b2d696deb4abbf9fbd9350b9c2b5fb717077104eaeaf4c531bfc691ad43ff6f
          • Instruction ID: 983570945afcf1b3c91782bc9bb1c1a590a77e69badfd7b98d21f171f6632f9e
          • Opcode Fuzzy Hash: 2b2d696deb4abbf9fbd9350b9c2b5fb717077104eaeaf4c531bfc691ad43ff6f
          • Instruction Fuzzy Hash: FF8165B48017459FDB20DFA5D28516EBFB1FF16300F604A0CE4866BA56D334AA55CFE2
          Function 0072AC91 Relevance: 5.1, Strings: 4, Instructions: 128COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: (g6e$,{*y$4c2a$lk
          • API String ID: 0-1327526056
          • Opcode ID: 1d6866f51548b4c0c60f3e7518370b1e64a75ae6c3e87fcf137c36a569d805fb
          • Instruction ID: a5f787963438c212ae1050d1200f6fe55a57511cad5800b5aafb633778ab2ad4
          • Opcode Fuzzy Hash: 1d6866f51548b4c0c60f3e7518370b1e64a75ae6c3e87fcf137c36a569d805fb
          • Instruction Fuzzy Hash: 6141BA74408381DBD7208F20D900BABB7F0FF86306F54995DE5C897250DB79D944CB96
          Function 0072C470 Relevance: 4.2, Strings: 3, Instructions: 419COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: %*+($%*+($~/i!
          • API String ID: 0-4033100838
          • Opcode ID: 77cef961f128ab51c46049c1a1ab0e295b8b288b20f7366e6ab282b0b7a3b821
          • Instruction ID: 1cea4fbf32d73b9c094b17fa4af23f4b9548293fc76140ee1f4921134bf2f0ea
          • Opcode Fuzzy Hash: 77cef961f128ab51c46049c1a1ab0e295b8b288b20f7366e6ab282b0b7a3b821
          • Instruction Fuzzy Hash: 18E187B5518340DFE3209F24E885B5EBBF5FB95341F48882CE6C987252DB79D814CB92
          Function 00708590 Relevance: 4.1, Strings: 3, Instructions: 387COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: )$)$IEND
          • API String ID: 0-588110143
          • Opcode ID: cfc9f078a0936531ea1671362003a4542aa2972224615a28f66545c3ebdbdb24
          • Instruction ID: d5c3385dfe6fa7d94e23d204073c39751a07c3043da47d674c3125a53c197fd9
          • Opcode Fuzzy Hash: cfc9f078a0936531ea1671362003a4542aa2972224615a28f66545c3ebdbdb24
          • Instruction Fuzzy Hash: FFE18DB1A08701DFE350DF28C88572ABBE0BB94314F148A2DE595973C2DB79E915CB93
          Function 008005DC Relevance: 4.0, Strings: 3, Instructions: 256COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: &J[7$&J[7$Ai
          • API String ID: 0-3150612593
          • Opcode ID: a4590523a82d696223b7f582faaa52a0e5f20cf52c4e1912c58f3e5694f8a387
          • Instruction ID: 2e887096ac4352df4785e390f174758c146c6ef77737c2de265a68260c0f2b6c
          • Opcode Fuzzy Hash: a4590523a82d696223b7f582faaa52a0e5f20cf52c4e1912c58f3e5694f8a387
          • Instruction Fuzzy Hash: B47136B3A092005FE3046D3DDD9977ABBDAEBD4720F1B453EE6C5C3B84E97958054282
          Function 00744040 Relevance: 3.1, Strings: 2, Instructions: 577COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: %*+($f
          • API String ID: 0-2038831151
          • Opcode ID: bf21246a4b1875d57f0ec2724215ff6ee868a40518e0cfa78a5e85c971cc8653
          • Instruction ID: 74a7f1b5d585a695f122e9eb526342d3e8b4577fb7f64a3bee3696912292f2c0
          • Opcode Fuzzy Hash: bf21246a4b1875d57f0ec2724215ff6ee868a40518e0cfa78a5e85c971cc8653
          • Instruction Fuzzy Hash: FE12BA716083809FC715CF18C890B2EBBE2FBC9314F188A2CF5959B291D779E945DB92
          Function 0073F620 Relevance: 3.0, Strings: 2, Instructions: 461COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: dg$hi
          • API String ID: 0-2859417413
          • Opcode ID: e6d45dbeb3010f24fa37f18ac6b82b4c74822e36d7bbb06c01ab420be23a300f
          • Instruction ID: 0f5af2ab93fdb9b1ee34608fe2a23d85415bc8bdb35a14d0c0b7b2014406c468
          • Opcode Fuzzy Hash: e6d45dbeb3010f24fa37f18ac6b82b4c74822e36d7bbb06c01ab420be23a300f
          • Instruction Fuzzy Hash: 77F1A671A18341EFE704CF24D891B6ABBF5FB86345F14892CF0858B2A2D739E845CB56
          Function 007035B0 Relevance: 2.9, Strings: 2, Instructions: 411COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: Inf$NaN
          • API String ID: 0-3500518849
          • Opcode ID: bb6cc34c9719680a76a5d667cf671ed060aa36c6b3520cbb0c6732b28813994d
          • Instruction ID: 8fe0651802f6a187310b374c5fc825229f68a0da15ab70623410d9a3b01fc563
          • Opcode Fuzzy Hash: bb6cc34c9719680a76a5d667cf671ed060aa36c6b3520cbb0c6732b28813994d
          • Instruction Fuzzy Hash: D3D1B4B1B18311DBC714CF29C88061AB7E5EBC8750F158A2DF999973E0E779DD058B82
          Function 0083C381 Relevance: 2.7, Strings: 2, Instructions: 192COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: TX~5$TX~5
          • API String ID: 0-1377447853
          • Opcode ID: 401d14e85c8d299debeadd71bbf3fa7cf791f150e73e04f38f706e1d9744ecce
          • Instruction ID: 0cb76ab085a809daf9646b795435d9cbb0f08ceebf04fc5636158ce9bf83096e
          • Opcode Fuzzy Hash: 401d14e85c8d299debeadd71bbf3fa7cf791f150e73e04f38f706e1d9744ecce
          • Instruction Fuzzy Hash: 2B5154F3E043184BE3446A29DC4477AB7DADBD0310F2E863DDB8897784EC7A6D098685
          Function 0071FFDF Relevance: 2.7, Strings: 2, Instructions: 185COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: BaBc$Ye[g
          • API String ID: 0-286865133
          • Opcode ID: 3b4c09b99b38aaf96a6f21e45bdc69034df80c8fd435992314e6135ca0797e29
          • Instruction ID: 443466263f3f7c7303b71e2422562b05cfc422e3a78d459e9ce20769b4c7e14e
          • Opcode Fuzzy Hash: 3b4c09b99b38aaf96a6f21e45bdc69034df80c8fd435992314e6135ca0797e29
          • Instruction Fuzzy Hash: E051BEB16083958BD331CF14D885BABB7E0FF96320F08491DE4998B652F3789940CBA7
          Function 00705160 Relevance: 1.8, Strings: 1, Instructions: 577COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: %1.17g
          • API String ID: 0-1551345525
          • Opcode ID: b9acdff6a1429fc7441600b426c1c7d3d7c5ae7297060ee2c378e474c416dae5
          • Instruction ID: d565ae7e186def1bc2fea358a54a9275b5a2ab7c57838c8f4ef73343da7a051c
          • Opcode Fuzzy Hash: b9acdff6a1429fc7441600b426c1c7d3d7c5ae7297060ee2c378e474c416dae5
          • Instruction Fuzzy Hash: F422AFB6A08B42CBE7158E18D840327BBE2AFE0318F19876DD8594B3D1E7B9DC44DB41
          Function 007312D0 Relevance: 1.7, Strings: 1, Instructions: 484COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: "
          • API String ID: 0-123907689
          • Opcode ID: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
          • Instruction ID: 390a8203b9a62f7fdebe2348e4cf39cbad633e81a2117f8f349e3b0255656d34
          • Opcode Fuzzy Hash: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
          • Instruction Fuzzy Hash: 7BF12471A083518FE724CF28C49166BBBE5ABC5350F5CC96DE89A87383DA38DD058792
          Function 0072AE57 Relevance: 1.7, Strings: 1, Instructions: 455COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: %*+(
          • API String ID: 0-3233224373
          • Opcode ID: 66e8fff212367ab59233655fc1683996906eafb613e9568f4971f797794e25d9
          • Instruction ID: 8145642c8c730101e147b0431b9a638f7a0b08417bc99341967a4961c9012ab5
          • Opcode Fuzzy Hash: 66e8fff212367ab59233655fc1683996906eafb613e9568f4971f797794e25d9
          • Instruction Fuzzy Hash: F1E1A971508316DBC324DF28E89066EB7F2FF98782F54891CE4C587261E339E959CB92
          Function 00716EBF Relevance: 1.7, Strings: 1, Instructions: 447COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: %*+(
          • API String ID: 0-3233224373
          • Opcode ID: 7bd6a6894f7cb2298221c49aad9f0c4b754a5a7ff65b6a8f37e420d0c386ffe5
          • Instruction ID: db9c231f69e8e331fcccc1540a704f586e466d0b3fc8e495bf76932d54f31816
          • Opcode Fuzzy Hash: 7bd6a6894f7cb2298221c49aad9f0c4b754a5a7ff65b6a8f37e420d0c386ffe5
          • Instruction Fuzzy Hash: AFF1B0B5A00B01CFC724DF28D891A66B3F6FF49314B148A2DE49787691EB38F855CB54
          Function 00727E60 Relevance: 1.7, Strings: 1, Instructions: 425COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: %*+(
          • API String ID: 0-3233224373
          • Opcode ID: 3396c3b4c8b4471c0f758c46db77a44a7b509d0de831a61bd85572a632908c22
          • Instruction ID: 8b33a461ea5cfcb320c8bb66a6185521f6fedb2e28ad64351c392dd2c5007e8e
          • Opcode Fuzzy Hash: 3396c3b4c8b4471c0f758c46db77a44a7b509d0de831a61bd85572a632908c22
          • Instruction Fuzzy Hash: 02C1D071509220EBD710EB14E942A2BB7F5EF95354F08891CF8C587292E73ADD15CBA3
          Function 00728D62 Relevance: 1.7, Strings: 1, Instructions: 410COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: %*+(
          • API String ID: 0-3233224373
          • Opcode ID: afd89ad2d34c4851f8e1f4aa68e8275dd517ee5a27aaf2bf14764b6d80866daa
          • Instruction ID: c8fa8287e012256cbdf6b3be3dfd16791f13f90a946215f1a43ae73d684cf293
          • Opcode Fuzzy Hash: afd89ad2d34c4851f8e1f4aa68e8275dd517ee5a27aaf2bf14764b6d80866daa
          • Instruction Fuzzy Hash: 7ED1D070618302DFD704DF68EC90AAAB7F5FF88305F09886CE88687251D779E950CB95
          Function 00714487 Relevance: 1.6, Strings: 1, Instructions: 389COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: BIq
          • API String ID: 0-2330342746
          • Opcode ID: 5f9f6db7bb8ee9d0649e295622d291e0fd55b9f1394959f2f0054670da1f5d69
          • Instruction ID: f92218485f4cbb1c6af9a31f5c15663b1e1c4d4b69e8f44355a69f865510b35d
          • Opcode Fuzzy Hash: 5f9f6db7bb8ee9d0649e295622d291e0fd55b9f1394959f2f0054670da1f5d69
          • Instruction Fuzzy Hash: 6BE10FB5601B00CFD325CF28D996B97B7E1FF06704F04886DE4AA8B692E739B854CB54
          Function 00747FC0 Relevance: 1.6, Strings: 1, Instructions: 387COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: P
          • API String ID: 0-3110715001
          • Opcode ID: 35874d2d01398e78b34920224abf2f7d77332d687b4110d58b0395d6f0fa94ed
          • Instruction ID: e70f34a4d3df5f4e1c51da17d84310aa54996f32f06d1b9391f3d0fae351054d
          • Opcode Fuzzy Hash: 35874d2d01398e78b34920224abf2f7d77332d687b4110d58b0395d6f0fa94ed
          • Instruction Fuzzy Hash: 16D1F6729082658FC765CE18D89071EB7E1EB85718F158A3CE8B5AB390DB79DC05C7C2
          Function 00746CBF Relevance: 1.6, Strings: 1, Instructions: 384COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: "pt
          • API String ID: 0-3168765775
          • Opcode ID: 080885040aaa7397c2a3d1f23f237a274efabebc979432b672e9eb3ba21adf54
          • Instruction ID: f21f7a7f59a8521c24ac133136ff52a1a740c1289d7a570c948b35a47c2b135a
          • Opcode Fuzzy Hash: 080885040aaa7397c2a3d1f23f237a274efabebc979432b672e9eb3ba21adf54
          • Instruction Fuzzy Hash: 7FD12336618351CFC714CF38D88056ABBE2FB8A355F098A6CE891C73A1D379DA44CB95
          Function 0072CCD0 Relevance: 1.6, Strings: 1, Instructions: 357COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID: InitializeThunk
          • String ID: %*+(
          • API String ID: 2994545307-3233224373
          • Opcode ID: 470144012a4c916050d5eae1aca5cc937e694b7198ebb9a0775e4b8474f42796
          • Instruction ID: c2bc96c4367f9224597fe290be24e030814b2fab74cf63f367a66571d990a43d
          • Opcode Fuzzy Hash: 470144012a4c916050d5eae1aca5cc937e694b7198ebb9a0775e4b8474f42796
          • Instruction Fuzzy Hash: FCB1F171A083518BD725DF14E891B2FBBE2EFA5340F14492CE5C58B352E339E855CBA2
          Function 0070A850 Relevance: 1.5, Strings: 1, Instructions: 271COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: ,
          • API String ID: 0-3772416878
          • Opcode ID: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
          • Instruction ID: 7b93703ac7cfedc1028e45645c437100fd0a46e50413f6faa61d435714a3b0e5
          • Opcode Fuzzy Hash: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
          • Instruction Fuzzy Hash: C0B12871208381DFD325CF18C88061BBBE1AFA9704F448A2DF5D997382D675EA18CB67
          Function 0073FC20 Relevance: 1.5, Strings: 1, Instructions: 265COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: %*+(
          • API String ID: 0-3233224373
          • Opcode ID: 62d49a04b7901fe06524ab57e0df3e1bc0eb119a80b6aa975827b9de6a99295e
          • Instruction ID: 41b3721d69ab1bddc46999a1a2ada4a53bd60f05b68380208d65ee0769db86c6
          • Opcode Fuzzy Hash: 62d49a04b7901fe06524ab57e0df3e1bc0eb119a80b6aa975827b9de6a99295e
          • Instruction Fuzzy Hash: E081F070A18301EBE710DF58EC98B2AB7E5FB89742F04882CF5C487292D779D815CB62
          Function 0071D457 Relevance: 1.5, Strings: 1, Instructions: 248COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: %*+(
          • API String ID: 0-3233224373
          • Opcode ID: aef974c855a545d4c76df03929a4f3029a1e80672680bb6d1bc140605a5af103
          • Instruction ID: 1d623b1d1c81f0431da5cd0b59b466aee8ec35566bb6f8c53edb730f770c5f22
          • Opcode Fuzzy Hash: aef974c855a545d4c76df03929a4f3029a1e80672680bb6d1bc140605a5af103
          • Instruction Fuzzy Hash: E061D3B1904314DBD720EF18DC42AAAB3B1FF94354F08492CF98587291E779DD50CB92
          Function 00744A40 Relevance: 1.5, Strings: 1, Instructions: 220COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: %*+(
          • API String ID: 0-3233224373
          • Opcode ID: df0205d3a0a7bd59a833856bfa3491cc892e7b9281721fe4e89dfd11b892c65b
          • Instruction ID: 4b5f026fbaa1077d8ccd9c208640ac4927d96ebcc3d57a9fa88808a294e12b58
          • Opcode Fuzzy Hash: df0205d3a0a7bd59a833856bfa3491cc892e7b9281721fe4e89dfd11b892c65b
          • Instruction Fuzzy Hash: 1061F4B1608341DFD711DF55C880B2AB7E6EBC4315F18891CE5C587292D779EC40EB66
          Function 0070E1A0 Relevance: 1.4, Strings: 1, Instructions: 175COMMON
          Download Yara Rule
          Strings
          • 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081, xrefs: 0070E333
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
          • API String ID: 0-2471034898
          • Opcode ID: ace0b604d51feaad08848d29f6b6c2f78156004c3d2d4496b0c816ec02db1bb3
          • Instruction ID: 5827387d9182ea57b108a120c8cadb7f57699d63813030af294e5650fc002a9e
          • Opcode Fuzzy Hash: ace0b604d51feaad08848d29f6b6c2f78156004c3d2d4496b0c816ec02db1bb3
          • Instruction Fuzzy Hash: 74511837B1AA90CBD329893C5C55269BEC71B93334B2DCB6AE9F1CB3E1D65D48014390
          Function 00743920 Relevance: 1.4, Strings: 1, Instructions: 172COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: %*+(
          • API String ID: 0-3233224373
          • Opcode ID: 0e7a1e196e3642ead5de8e3708ea7138f123a27c772a7f5a518dc4d9ae60e0e9
          • Instruction ID: ab09d474184880047210f5b541be3789342395faeb221182f25258de02c154c4
          • Opcode Fuzzy Hash: 0e7a1e196e3642ead5de8e3708ea7138f123a27c772a7f5a518dc4d9ae60e0e9
          • Instruction Fuzzy Hash: 81519D70609340DBDB24DF15D894A2EBBE5EF89749F18C81CE4CA87251D37AEE10CB62
          Function 007FBCA2 Relevance: 1.4, Strings: 1, Instructions: 160COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: pEV
          • API String ID: 0-2549448802
          • Opcode ID: ebf542eaaf772b1f36806548c9552d65d0c31f0391ac4d87d1fbb8f56aff8c8c
          • Instruction ID: d93c61cccc53b1b79cbb50ee8c868f66e7a2cab07a6155e47f3b833947c61797
          • Opcode Fuzzy Hash: ebf542eaaf772b1f36806548c9552d65d0c31f0391ac4d87d1fbb8f56aff8c8c
          • Instruction Fuzzy Hash: CE41F9F39181109FE340AE1DDC84776B7E5EB94320F1A893DEAC4C7344E6395C448796
          Function 00711BEE Relevance: 1.4, Strings: 1, Instructions: 128COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: L3
          • API String ID: 0-2730849248
          • Opcode ID: 7ec876bb035cd244448fb5e9d2fd9ed063b43edfd7a4b7c0c3a4989c934128b6
          • Instruction ID: 56dca161681b79742ae0f830cb88cad66b34da8479718fcdb008d8c31103441d
          • Opcode Fuzzy Hash: 7ec876bb035cd244448fb5e9d2fd9ed063b43edfd7a4b7c0c3a4989c934128b6
          • Instruction Fuzzy Hash: 024176B40083809BC7149F18D854A6FBBF0FF86714F44891CF6C59B291E73AC955CBAA
          Function 0073FF70 Relevance: 1.4, Strings: 1, Instructions: 124COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: %*+(
          • API String ID: 0-3233224373
          • Opcode ID: dc9e1911dd610d7ee9b93c96e3d5270a9e5877c7535ef88cefb1f13f67d4a648
          • Instruction ID: 55c4efb87c5d350c0b65946d4b64f417adc6c6bb171df957b5b4203507f7021b
          • Opcode Fuzzy Hash: dc9e1911dd610d7ee9b93c96e3d5270a9e5877c7535ef88cefb1f13f67d4a648
          • Instruction Fuzzy Hash: 0C3106B1A08301EBD610EB64DC85B3BB7E8EB85744F544928FA8597262E339DC14C7E3
          Function 0072E40C Relevance: 1.4, Strings: 1, Instructions: 108COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: 72?1
          • API String ID: 0-1649870076
          • Opcode ID: a4b24e937e4e8c4d2d4251eb33a0e402e9e7b7c8a42876db0a10b9b7b3db791d
          • Instruction ID: 2c95e8f8f5cf45c2f2d034d2e6df9f8d47cebb34e537fa361cc2402fcb56ac65
          • Opcode Fuzzy Hash: a4b24e937e4e8c4d2d4251eb33a0e402e9e7b7c8a42876db0a10b9b7b3db791d
          • Instruction Fuzzy Hash: F031E6B5A00354CFD720CF94E8806AFB7B4FB06346F54456CE446A7341D339AE04CBA1
          Function 00716F91 Relevance: 1.4, Strings: 1, Instructions: 108COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: %*+(
          • API String ID: 0-3233224373
          • Opcode ID: 88683d670f3d661205d4c8cd31deffa00f6bef9ca5fc260b2c1c7aed6facd045
          • Instruction ID: 60ecceb1f0321ea297d66c9569cee3b29a7145baae678979e5d240d30ad77492
          • Opcode Fuzzy Hash: 88683d670f3d661205d4c8cd31deffa00f6bef9ca5fc260b2c1c7aed6facd045
          • Instruction Fuzzy Hash: 5D414775204B04DBD7388F69C994F26B7F2FB0D701F148918E5869BAA1E37AF840CB64
          Function 0072E66A Relevance: 1.4, Strings: 1, Instructions: 100COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID: 72?1
          • API String ID: 0-1649870076
          • Opcode ID: 5569bd8802002b1cbbe31e7a7c25ecfdc18f51e7b8c140a782c6e5d09e248cbe
          • Instruction ID: 5e38a2c681e83ff7685de910b39d2c0b73baf6818587bbff510aadf7da0362b4
          • Opcode Fuzzy Hash: 5569bd8802002b1cbbe31e7a7c25ecfdc18f51e7b8c140a782c6e5d09e248cbe
          • Instruction Fuzzy Hash: D421B2B1A00354CFC720CF95E9906AFBBF5BB1A746F58495CE446AB341D339AE00CBA5
          Function 00749CE0 Relevance: 1.3, Strings: 1, Instructions: 87COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID: InitializeThunk
          • String ID: @
          • API String ID: 2994545307-2766056989
          • Opcode ID: 2edea360f113e8f46dce1dca8b0926b8ddd8de1486ecc0cc85663329631b6e57
          • Instruction ID: 0a3c4b5c9bda2afe68e2db6101ac3f6282bdde977c0fe880e6907bca798986fe
          • Opcode Fuzzy Hash: 2edea360f113e8f46dce1dca8b0926b8ddd8de1486ecc0cc85663329631b6e57
          • Instruction Fuzzy Hash: C6318970A093009BD714EF15D880A2BFBF9FF9A314F14892CE6C997251D379D904CBA6
          Function 00714E2A Relevance: 1.0, Instructions: 957COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 98f1f943e5c370d209e47592c8f2abf734c109a371aa97bc63b0712f0b49aae2
          • Instruction ID: 3558554dd1e6b948625df3931ea760bc7597a1017f460bbacf4db796332b514a
          • Opcode Fuzzy Hash: 98f1f943e5c370d209e47592c8f2abf734c109a371aa97bc63b0712f0b49aae2
          • Instruction Fuzzy Hash: F7627DB4500B40CFD725CF28C994B67B7F6AF89700F548A2DD49A87A92E738F844CB90
          Function 0070BEB0 Relevance: .9, Instructions: 895COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
          • Instruction ID: af6d096c9544a44d8e17bb151d0bfbf99f41280d98fe8bc19f9a77cc696d803f
          • Opcode Fuzzy Hash: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
          • Instruction Fuzzy Hash: 8B52F731908711CBC7269F18D8402BAB3E1FFD5319F298B2DD9C6932C1E739A855CB86
          Function 00748652 Relevance: .7, Instructions: 710COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2cb4a4476784e238fdfb6f5c305a89b171dc87ac67f230ca341bd489bb819fc5
          • Instruction ID: 09cc39cca208fb88763c4a6b45a7296be15a92d7d706ea1aa75f11a2b8aa4434
          • Opcode Fuzzy Hash: 2cb4a4476784e238fdfb6f5c305a89b171dc87ac67f230ca341bd489bb819fc5
          • Instruction Fuzzy Hash: B222EB35608345DFC704DF68E88066AB7F1FF8A31AF09886DE58987361D779D890CB46
          Function 007486F0 Relevance: .7, Instructions: 681COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2b8c3707c1297b5e67572a12a7649a2ba1b30061f1cc4cab0f4044ec307d0197
          • Instruction ID: 544623be10402f8283b6a0121777f94daf8453fd1b21862ffb8b9e0af5529ee2
          • Opcode Fuzzy Hash: 2b8c3707c1297b5e67572a12a7649a2ba1b30061f1cc4cab0f4044ec307d0197
          • Instruction Fuzzy Hash: F422CB35608344DFD704DF68E89061EBBF1FB8A30AF09896DE58987361D779E890CB46
          Function 0070B3A0 Relevance: .7, Instructions: 670COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7d53f5f55a7bdb1f9baabf1a2611cac7d6e6facdfdc7c0b3c139502ca4b4e262
          • Instruction ID: 7c8dec4a132f72244e63d3dd5b2d7634910690b89710b81ee2db0cd49a862712
          • Opcode Fuzzy Hash: 7d53f5f55a7bdb1f9baabf1a2611cac7d6e6facdfdc7c0b3c139502ca4b4e262
          • Instruction Fuzzy Hash: 3252C370A08B84CFE735CB24C4847A7BBE2AB95314F144E6EC5D606BC2D77DAA84CB51
          Function 007071F0 Relevance: .7, Instructions: 657COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 5ac4b9a1cd281c0b8258a23e25f102a7820432bff962a52c00b9d7fa9e83faf5
          • Instruction ID: 16c654897de27283dd1c1f30416cb76a2d496b5f17018b3f014671ba7247e746
          • Opcode Fuzzy Hash: 5ac4b9a1cd281c0b8258a23e25f102a7820432bff962a52c00b9d7fa9e83faf5
          • Instruction Fuzzy Hash: B252A47190C345CFCB19CF18C4906AABBE1BF88314F198A6DF89957392D778E949CB81
          Function 00708FD0 Relevance: .6, Instructions: 620COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: da270689e2d55f2c6362ddb83af47a78ea5f741caa18951400b5c0a22f154ee0
          • Instruction ID: 1e145256e6f4a2fc0120138d7ca6eb5ac4d26bd51e43bb0ea4b47e350df13277
          • Opcode Fuzzy Hash: da270689e2d55f2c6362ddb83af47a78ea5f741caa18951400b5c0a22f154ee0
          • Instruction Fuzzy Hash: 53428779608341DFD704CF28D8507AABBE1BF89324F09896DE5858B3A2D339D995CF42
          Function 00707BF0 Relevance: .6, Instructions: 592COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 5beb64795689eaac95b6e7c2ff2e8860144082d566cac5f00784a178a16d3ddd
          • Instruction ID: 71ddaf4aad3e26fd6efe7406745949fc7bcfe9e27f99d78999d556e6f99970b4
          • Opcode Fuzzy Hash: 5beb64795689eaac95b6e7c2ff2e8860144082d566cac5f00784a178a16d3ddd
          • Instruction Fuzzy Hash: F2321270A15B11CFC368CF29C59052ABBF2BF45710B604A2ED6A787B91D73AF845CB10
          Function 007489A0 Relevance: .5, Instructions: 545COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 64d69033eb817cd6dc315a20924e2c8982315527743297bf6cb4aae55fe12944
          • Instruction ID: 9a1701fdec3dbeba024a17c3e9bb1ed55c8b943c03a9460c8fe1bf3ab6fe2ee6
          • Opcode Fuzzy Hash: 64d69033eb817cd6dc315a20924e2c8982315527743297bf6cb4aae55fe12944
          • Instruction Fuzzy Hash: 6E02A935608341DFC704DF68E88061ABBE1FB8A30AF09896DE58987261D77AD850CB96
          Function 00748A80 Relevance: .5, Instructions: 524COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 82c41a753ee55a039018131a1604f39ca88d5b3c36144c2560be016a5c815cc8
          • Instruction ID: 41f4ba40a4c06a03c0ef50074e4af4b8399d43726edad6e629e29517d93b0c9c
          • Opcode Fuzzy Hash: 82c41a753ee55a039018131a1604f39ca88d5b3c36144c2560be016a5c815cc8
          • Instruction Fuzzy Hash: 2FF1883560C341DFD704DF28E88061EBBE1BB8A30AF09896DE5C987261D77AD950CB96
          Function 00748C02 Relevance: .5, Instructions: 487COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 870c55fcd6c7b6fa80bae0386bc44fe901ab60ba3bb394a983d02cd49f354e04
          • Instruction ID: be08ce640e0101a63587b8a8bc462e16a1754cc2922844fe5265e2f9245df090
          • Opcode Fuzzy Hash: 870c55fcd6c7b6fa80bae0386bc44fe901ab60ba3bb394a983d02cd49f354e04
          • Instruction Fuzzy Hash: 9CE1BE31608351DFC704DF28E88066AF7E1FB8A31AF09896CE5C997361D77AD950CB92
          Function 0070A300 Relevance: .5, Instructions: 459COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
          • Instruction ID: fd85349c1a3ec25272d60243794b90d182ced720e486cedc9a98960d3b328d95
          • Opcode Fuzzy Hash: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
          • Instruction Fuzzy Hash: A7F1AC76608341DFC725CF29C88166BFBE6AFD8300F08892DE4D587792E639E945CB52
          Function 00748E70 Relevance: .4, Instructions: 420COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c9873337c50320fc402af9f28ff12c559741ce672cc4a9ebb8453452e178393b
          • Instruction ID: e02f960747be0cf823833362b325912da37edb8d0ea537f46676bcffedc96e30
          • Opcode Fuzzy Hash: c9873337c50320fc402af9f28ff12c559741ce672cc4a9ebb8453452e178393b
          • Instruction Fuzzy Hash: 26D18A3460C391DFD704EF28D88062EFBE5BB8A309F09896DE5C587261D77AD850CB96
          Function 00747AB0 Relevance: .4, Instructions: 354COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6d456592d7cccdbca16b402e622fbe04e4743940ff0710c8f00edcc02e0b5d46
          • Instruction ID: 77e85d79349a76159b7609844ca6934a0f00f1fba92209254935d2f5b4e61875
          • Opcode Fuzzy Hash: 6d456592d7cccdbca16b402e622fbe04e4743940ff0710c8f00edcc02e0b5d46
          • Instruction Fuzzy Hash: D4B1D8B2A083508BD728DB28CC4576BB7E9EBC5314F084A6DE995D7391E739DC04CB92
          Function 0070AF10 Relevance: .3, Instructions: 303COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
          • Instruction ID: 0516c7789a24fa35f16baa9b9b827988d932ac32f629a5566e0a9a0cbe1bcf6f
          • Opcode Fuzzy Hash: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
          • Instruction Fuzzy Hash: F4C16DB2A08741CFC360CF68DC96BABB7E1BF85318F084A2DD1D9C6242E778A155CB45
          Function 00716536 Relevance: .3, Instructions: 295COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 57e20c9afdb1d05982371ff353ee4c3fa2eca67721b3cb25b790983031113786
          • Instruction ID: d0384296e6bf98dc5067cb0cd0ab7e1f8b95946828398a96d279975282791785
          • Opcode Fuzzy Hash: 57e20c9afdb1d05982371ff353ee4c3fa2eca67721b3cb25b790983031113786
          • Instruction Fuzzy Hash: FBB102B4500B408FD325CF28C985B57BBF2AF46704F14885CE8AA8BB92E379F845CB55
          Function 00747710 Relevance: .3, Instructions: 287COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID: InitializeThunk
          • String ID:
          • API String ID: 2994545307-0
          • Opcode ID: e3a2851ed3501ea38100cb38fe434a87cbf28e1d0bbec1d0c7723f11104e12bf
          • Instruction ID: 67fede494df88842c31cfb73757e8a85d49b14d6c33ec2e3f1eee5ace76ff9e2
          • Opcode Fuzzy Hash: e3a2851ed3501ea38100cb38fe434a87cbf28e1d0bbec1d0c7723f11104e12bf
          • Instruction Fuzzy Hash: 9B91AC7160C301ABE728DB14C884BAFBBE5EB89350F548C1CF89487352E738E940CB92
          Function 0074A0D0 Relevance: .3, Instructions: 282COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7bc7dfbbc2980358a2dabe461d4a396577b9cdefe86399479008e60d97453272
          • Instruction ID: efcfbe963d6229898287c245ee623163ab331f561a1f9973efa6e34a61c55d50
          • Opcode Fuzzy Hash: 7bc7dfbbc2980358a2dabe461d4a396577b9cdefe86399479008e60d97453272
          • Instruction Fuzzy Hash: D081AC34248705ABD724DF28D890A2EB7F5FF89740F45892CE586CB252E739EC10CB92
          Function 007364F0 Relevance: .2, Instructions: 246COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 550698f470288b0972ddd3cb8d73b64d9b14b0c2b6a257689e4f0db415b82bdd
          • Instruction ID: f3bae0f1f5afba0729fd8207d75dc984fdd673256cce089d0c2abae7ed85b52a
          • Opcode Fuzzy Hash: 550698f470288b0972ddd3cb8d73b64d9b14b0c2b6a257689e4f0db415b82bdd
          • Instruction Fuzzy Hash: 2071E637B29A904BE3159D3C8C42395AA534BD7334F3DC37AA9B48B3E6D62D8C064340
          Function 007228E9 Relevance: .2, Instructions: 244COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 81cc82eeef9779b1c3fca9daba7f2067cf7f1cb101b9eb4abdcd38ddfcad5f07
          • Instruction ID: 47a6ef90d9c80c23720a6dbc4cc265989391b2b497921eccb777a3a1b6741ba4
          • Opcode Fuzzy Hash: 81cc82eeef9779b1c3fca9daba7f2067cf7f1cb101b9eb4abdcd38ddfcad5f07
          • Instruction Fuzzy Hash: A56188B4508360DBD310AF14E851A2BBBF0FFA6750F18891CE5C58B362E339D911CBA6
          Function 00727C00 Relevance: .2, Instructions: 243COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: dcb1ea8b7c875624f490547a6a8940900dad2ffefca835dabd87a24dbe8d34de
          • Instruction ID: b0751cf3ccbdf6389fcca5142aefbc53a5bcf49160e50ca3d5999be79421bfb4
          • Opcode Fuzzy Hash: dcb1ea8b7c875624f490547a6a8940900dad2ffefca835dabd87a24dbe8d34de
          • Instruction Fuzzy Hash: A951B0B17082249BDB249B24DC86B7733B8EF85764F144958F9858B391F379DC41C762
          Function 00731860 Relevance: .2, Instructions: 217COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
          • Instruction ID: f423e8c45f790fea6c1c9a1430e4f77483c5ae4d9699fb5a0389b4f1b92ad7a2
          • Opcode Fuzzy Hash: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
          • Instruction Fuzzy Hash: 8061D0316093519BE714CE28C58032FBBE2ABC9351FA9C92EE4898B352D378ED819741
          Function 007382D0 Relevance: .2, Instructions: 215COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 99c1f0c53d187ab8a49aef64f0a7522d24ac3273a50e0fdfb28f67ad87b560b0
          • Instruction ID: 0af1768c7875f02bb1e1ac6ee6fe2aa111bf0f3fc79b96c0740ff70c49d68fc2
          • Opcode Fuzzy Hash: 99c1f0c53d187ab8a49aef64f0a7522d24ac3273a50e0fdfb28f67ad87b560b0
          • Instruction Fuzzy Hash: 56612827B5AB904BE355493C5C553AAAA831BD2730F3EC366A9F18B3E6DE7D48014343
          Function 007142FC Relevance: .2, Instructions: 206COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 61b8b5648fa05a83e5bdb51b0dd34e2136b8dd8e9ddab8373f2f92f71692027c
          • Instruction ID: 6627b69058b67d9a8aafe00c3e3b3ecf22797ec02045577513df1f19bb587f5e
          • Opcode Fuzzy Hash: 61b8b5648fa05a83e5bdb51b0dd34e2136b8dd8e9ddab8373f2f92f71692027c
          • Instruction Fuzzy Hash: 2881E1B4810B00AFD360EF39D947797BEF4AB06301F404A1DE8EA97695E7346459CBE2
          Function 0073E8A0 Relevance: .2, Instructions: 189COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
          • Instruction ID: 4b88afc5bf441c7ece61b26753eebf9ae0f4191f299de5d078815e161de61a31
          • Opcode Fuzzy Hash: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
          • Instruction Fuzzy Hash: 99515DB16087548FE314DF69D49436BBBE1BBC5318F044E2DE4E987391E379DA088B82
          Function 008122E1 Relevance: .2, Instructions: 179COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7eaaf0738792aa48315e2be57b5c049647f8b5a2b7889d6bb74bd5e3184899aa
          • Instruction ID: b05028a807e9bbe7fa5e88c31c9962a84e6f1e30f7ff4c6ef755ad5ed8c4180d
          • Opcode Fuzzy Hash: 7eaaf0738792aa48315e2be57b5c049647f8b5a2b7889d6bb74bd5e3184899aa
          • Instruction Fuzzy Hash: B151F2F3F055101BF354883DDC58776A69BDBC4320F2B863AEA58DB7C4E9794D0A4294
          Function 00747520 Relevance: .2, Instructions: 176COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 975ffb70419f5766be9e890004644e1d1a0198f73e0b4369afd89064f2ca9f01
          • Instruction ID: 79d3f543d5849d027ea7b64b7c54dad3d7b656460a98aa31ec4fd9d7d93dbe64
          • Opcode Fuzzy Hash: 975ffb70419f5766be9e890004644e1d1a0198f73e0b4369afd89064f2ca9f01
          • Instruction Fuzzy Hash: 1551077160C3009BC7199E18CC90B2EB7E6FB89355F698A2CE8D557391D739EC10C7A2
          Function 00861808 Relevance: .2, Instructions: 174COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: defc3d1b4329533dc37357075e8525b08f3ec12004ac4d7afc12281dc8b17c42
          • Instruction ID: 47f6f253d987570880d57e5a7dd495aad1fa4d645ae5ad3e4fc032252a91d38a
          • Opcode Fuzzy Hash: defc3d1b4329533dc37357075e8525b08f3ec12004ac4d7afc12281dc8b17c42
          • Instruction Fuzzy Hash: 3B513DF39086205BD7046E1CEC8A7A6BBE9DB94720F1B453EEAC8D7740EE75580583C6
          Function 0081BB65 Relevance: .2, Instructions: 172COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: ff88eb3f9cf550c2388742a5ba6ce0be0b4f39c550fb87daeb6282bbd4a6958e
          • Instruction ID: 801596bdfcfaac96bed8f30ac94bb70f7073b9992c0c3ccb59603ed141230521
          • Opcode Fuzzy Hash: ff88eb3f9cf550c2388742a5ba6ce0be0b4f39c550fb87daeb6282bbd4a6958e
          • Instruction Fuzzy Hash: 994127F3A085145FE384693DEC48BBBBADAEBD0360F2B453DEAC4C3744E97494418696
          Function 00705A50 Relevance: .2, Instructions: 163COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 1a4720e680164e6c9d4872647dc8d581bc1f1f60cd9068ebf2fa2f1a58c11f21
          • Instruction ID: 89078231349f0d6a0d9d31f5e662beab9e3aa09b98c43ab2fe46ecee13555cfa
          • Opcode Fuzzy Hash: 1a4720e680164e6c9d4872647dc8d581bc1f1f60cd9068ebf2fa2f1a58c11f21
          • Instruction Fuzzy Hash: 0F519DB5A04705DFD7149F14C880927BBE1FF85324F19876CE8958B392D635EC42CB92
          Function 009FDC19 Relevance: .2, Instructions: 151COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 56ddeabaa10a3e538c64fc4d0cc41c4b0245c3352484a43ae3e10b39064bde0e
          • Instruction ID: 93a6e8e4b6606a5a2fef527970d5fd188171344a4df159f4212d7ab042a84661
          • Opcode Fuzzy Hash: 56ddeabaa10a3e538c64fc4d0cc41c4b0245c3352484a43ae3e10b39064bde0e
          • Instruction Fuzzy Hash: 6C41F3F250E208DBD704BE28DD8573ABBE6AB94310F264D2D93D247B40E6795441D783
          Function 0072EC48 Relevance: .1, Instructions: 146COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4e005128ddfa2bc5146bcca99a0cf380641bb15eb8088fcba96e419f9cf59e53
          • Instruction ID: 733a9b4f985f4c49824e391d5c8ce1fe0021b9f165adeb5cd6d6b68c27c0d814
          • Opcode Fuzzy Hash: 4e005128ddfa2bc5146bcca99a0cf380641bb15eb8088fcba96e419f9cf59e53
          • Instruction Fuzzy Hash: A941AF74A00325DBDF20CF94EC91BADB7B0FF0A311F544548E945AB3A1EB38A951CBA5
          Function 00749B60 Relevance: .1, Instructions: 140COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c103ca03e294e638bda5774372978fbd391a95b9585aef9c3fbfbfea503643d3
          • Instruction ID: 76119b8dca1fdd8de75f4a85c6b6b27c659d12437c3b5666fb8e0ffc36d4e8c4
          • Opcode Fuzzy Hash: c103ca03e294e638bda5774372978fbd391a95b9585aef9c3fbfbfea503643d3
          • Instruction Fuzzy Hash: C5419174208300EBD710DF25D9D5B2FB7E6EB85710F54882CF6899B251D379E800CBA6
          Function 00712030 Relevance: .1, Instructions: 136COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 27aec9e6f10f85f56029e84c96414f0c9e5dfed2385812ca567a9e255db4aa5c
          • Instruction ID: a84020472674405ac1d5e5ab1fd6d0df92e5ff21ca3b292ec4e594af3ab101f1
          • Opcode Fuzzy Hash: 27aec9e6f10f85f56029e84c96414f0c9e5dfed2385812ca567a9e255db4aa5c
          • Instruction Fuzzy Hash: DA41F632A083654FD35DCE2D849067ABBE2ABC9300F09C66EE4D6873D1DB788995D781
          Function 00711E93 Relevance: .1, Instructions: 131COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b3896ad0136edf190e200f349b33fb8c11bf29ad7bacea3f4a02c8f793fef745
          • Instruction ID: 5b3f850d6f0df936d8b213ee8d9b6259b8dac011cdd5e63fa0c74fcd34c7d1d7
          • Opcode Fuzzy Hash: b3896ad0136edf190e200f349b33fb8c11bf29ad7bacea3f4a02c8f793fef745
          • Instruction Fuzzy Hash: F241F2745083809BD320AF58C888B1EFBF5FB86745F144D1DF6C4A7292C37AD8558B66
          Function 00748D8A Relevance: .1, Instructions: 124COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: ed0a92bb914ec237f98bf1faaf89ea8d93608d9fb12ebb4a9c70f637e8d579ff
          • Instruction ID: 85c6d49f68b2e82318ae1125e415bbbdd7db4ae9c6a24b34e190e1fdf29b5e58
          • Opcode Fuzzy Hash: ed0a92bb914ec237f98bf1faaf89ea8d93608d9fb12ebb4a9c70f637e8d579ff
          • Instruction Fuzzy Hash: B041CF31A0D2548FC344EF68C49062EFBE6AF99300F098A6DD4D5D72A2DB79DD018B92
          Function 0071D961 Relevance: .1, Instructions: 121COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 734c1ad747fbd9ba541dc2208cefd928ad0bdcbc5bf55ca45855d591c9657818
          • Instruction ID: 2317e16269a8b6604d9054d24fa9249db96ae3a978c588f2af61f7b32709a858
          • Opcode Fuzzy Hash: 734c1ad747fbd9ba541dc2208cefd928ad0bdcbc5bf55ca45855d591c9657818
          • Instruction Fuzzy Hash: 6E41ABB1648391CBD730DF14C845BEBB7B0FF96361F048A58E48A8B691E7785980CB97
          Function 00962583 Relevance: .1, Instructions: 116COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2b6f9925fce68942022521ee7fe90270795a0f1227e0397d12c5145e4ad6cb2c
          • Instruction ID: f3ee8756e7ea535e95934b24b6f19fe72454debf5a52cde63ed4f5c59992c804
          • Opcode Fuzzy Hash: 2b6f9925fce68942022521ee7fe90270795a0f1227e0397d12c5145e4ad6cb2c
          • Instruction Fuzzy Hash: DF414BB210C604EFE706BE28D88267EFBE5FF98310F16482DE6C5C3654EB3594458A97
          Function 0073F030 Relevance: .1, Instructions: 104COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
          • Instruction ID: ad19e55198cd5cdac8cc0c84f2c7f6f4f129b42939c005d0119a454032329dfb
          • Opcode Fuzzy Hash: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
          • Instruction Fuzzy Hash: 18213A32D0822447D3289B1DC58053BF7E4EB99744F06863EE8C497296E339DC1087E2
          Function 007467EF Relevance: .1, Instructions: 101COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 22af582dd7d3b136d1bc065eb8289b6a9164012d53c217b910ea36b50e6f78e4
          • Instruction ID: 5a233f94564ab7e5a8eb6dd932d1f84cb0e374872ed6fd4d2b42e407a49545aa
          • Opcode Fuzzy Hash: 22af582dd7d3b136d1bc065eb8289b6a9164012d53c217b910ea36b50e6f78e4
          • Instruction Fuzzy Hash: 4531F5705183829AE714CF14C49066FBBF0AF96789F54590DF4C8AB262E338D985CB9A
          Function 00725E70 Relevance: .1, Instructions: 99COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 8445bd45df16f84d3d6c4c5a8e1f401e58fd96f42cb96a7824d84d1bed06368a
          • Instruction ID: 87407c332ba2489715abbbc271d8c1cab5f3787ee08c092d7f181582d0ec3181
          • Opcode Fuzzy Hash: 8445bd45df16f84d3d6c4c5a8e1f401e58fd96f42cb96a7824d84d1bed06368a
          • Instruction Fuzzy Hash: F421A170908221DBC310AF18D94597BB7F4EF96765F458A0CF4D59B292E338DA00CBA3
          Function 007049A0 Relevance: .1, Instructions: 95COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
          • Instruction ID: b16061ee81d0a38fac2c3de04c7c897b051ac7de0409c22326c822474ca00d33
          • Opcode Fuzzy Hash: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
          • Instruction Fuzzy Hash: E331C7F1758200DBD7109E68D88492BB7E1EF84358F18CB3CE99AD7281D239EC42CB46
          Function 007464B8 Relevance: .1, Instructions: 83COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 0b050e95617b37608c29f0ed95f84478c180bc1d4d7bcab37cafbdc316fb067b
          • Instruction ID: 2f98a0d39c89ba4214a823cbcf55be9f09c393166f4bfe1520380deb056e5bd5
          • Opcode Fuzzy Hash: 0b050e95617b37608c29f0ed95f84478c180bc1d4d7bcab37cafbdc316fb067b
          • Instruction Fuzzy Hash: 6F21397460C280DBCB04EF19D490A2EFBE6EB9A745F18881CE4C593261C339A850CB67
          Function 0073B650 Relevance: .1, Instructions: 64COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
          • Instruction ID: da2a6854e6662caff330ec35e775e37775e0b8a07c8c3badaac9e52b2b4fadc1
          • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
          • Instruction Fuzzy Hash: 5F11E533A051D88ED3168D3C8441565BFA31AE3234F5983D9F4B89B2D3D7268D8A8364
          Function 00730B80 Relevance: .1, Instructions: 63COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
          • Instruction ID: ac9d02efd8625b08059446aa1951d29e4c45d59578196190bc64844d3f498d63
          • Opcode Fuzzy Hash: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
          • Instruction Fuzzy Hash: 16015EF5B0030287F7219F5498E5B3BF2A86B80718F18462CE84657243DB79EC05C6E5
          Function 0072D1E1 Relevance: .0, Instructions: 46COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f1888d5f18a7701465dbb7dfb7eb8172c8544d2db67c44e174b861a4f42fc5df
          • Instruction ID: e448b3a0f2c0d6363c83ee1b7ab8a42cefb18c0fcc519550237ca5f61a9c3ea4
          • Opcode Fuzzy Hash: f1888d5f18a7701465dbb7dfb7eb8172c8544d2db67c44e174b861a4f42fc5df
          • Instruction Fuzzy Hash: 1311EFB0408380EFD3209F618494A1FFBE5EB96714F148C0DF5A49B251C379D815CF56
          Function 00706EA0 Relevance: .0, Instructions: 46COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 0f2d40d044e1d7033e9b23705588e92ecf6e63c23e77397effdd00b8a7521994
          • Instruction ID: b047db8777d8b8ce729dbce45537ce9b3613d1a87f60d6a2539a095dafaf769c
          • Opcode Fuzzy Hash: 0f2d40d044e1d7033e9b23705588e92ecf6e63c23e77397effdd00b8a7521994
          • Instruction Fuzzy Hash: 5DF0243E71821A4BB210DDAAE8C083BB3D6D7CA364B055639EA40C3241CE76F80281A4
          Function 0073B8C0 Relevance: .0, Instructions: 44COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
          • Instruction ID: 6506d07c58c905065930edc77b6421f51c28c54387ea28b09faa2761b04cb969
          • Opcode Fuzzy Hash: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
          • Instruction Fuzzy Hash: 1E0162B3A199610B8348CE3DDC1156BBAD15BD5770F19872DBEF5CB3E0D230C8118695
          Function 0071C5F0 Relevance: .0, Instructions: 42COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
          • Instruction ID: afd6f86e1ed7dc578beff9a6215ab27dc393fb41cabbec3b70aacfa27007612f
          • Opcode Fuzzy Hash: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
          • Instruction Fuzzy Hash: EB014B72A196204B8308CE3C9C1112ABEE19B86330F158B2EBCFAD73E0D664CD548696
          Function 0071B410 Relevance: .0, Instructions: 38COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
          • Instruction ID: 838a551f3f0959d612952bd7a8aa7ab94c375f827dcda1aecce7ba98f611e295
          • Opcode Fuzzy Hash: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
          • Instruction Fuzzy Hash: EEF0ECB16045505BDF22CA5C9CC0FB7BBACCB8B354F190426FC4557183E2655885C3E5
          Function 00738220 Relevance: .0, Instructions: 32COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 22f5d4473fd47807702d8629c1f5b25b116186019efd665b9e60894ea1c31b52
          • Instruction ID: d6abd49d9d2f3fa65e778a1486e5d215b5c21d11ad5f4be529adb25694116595
          • Opcode Fuzzy Hash: 22f5d4473fd47807702d8629c1f5b25b116186019efd665b9e60894ea1c31b52
          • Instruction Fuzzy Hash: D101E4B44107009FC360EF29C485757BBE8EB08714F008A1DE8EECB680D774A5448B82
          Function 00741440 Relevance: .0, Instructions: 21COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
          • Instruction ID: f7663288f23839224b664ffdf15e52662af47cd70f1ec0528e3a59059636f3a0
          • Opcode Fuzzy Hash: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
          • Instruction Fuzzy Hash: CCD0A771608361469F749E1DE410977F7F0EAC7B11F89955EFA86E3148D334DC81C2A9
          Function 00711ACD Relevance: .0, Instructions: 14COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e332ebf7ca2194d3003938370c69b4a04cf0990ec984ca41bf9e1fc21e935e24
          • Instruction ID: 6cc9cd6bd5f9c183c3ac79b4ed826ae3e6100cfeeae79d9749bd9eb944955657
          • Opcode Fuzzy Hash: e332ebf7ca2194d3003938370c69b4a04cf0990ec984ca41bf9e1fc21e935e24
          • Instruction Fuzzy Hash: FFC01238A981818B82049F08A899476A6B8A70720D740E02BDA02EB261DB68C412890D
          Function 00746094 Relevance: .0, Instructions: 12COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 8e90976bdf2bdd0167c667deebd1a953fdd05189e8542eec7fabe3ace6b9df21
          • Instruction ID: 80295b6662526f388c0f59ed189e5d0b64317953ea83b0fb1605bae28cdd35a0
          • Opcode Fuzzy Hash: 8e90976bdf2bdd0167c667deebd1a953fdd05189e8542eec7fabe3ace6b9df21
          • Instruction Fuzzy Hash: 15C09B74E5C20087B20CCF04D9514B5F3779B97755724F01DC81723266D17CD517951D
          Function 00711A3C Relevance: .0, Instructions: 12COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 0b18fe5d1962163a009b95f1613e65aa92e52f83a093b9afe702af9de25c0795
          • Instruction ID: 61f8ebc5ee4345d4d35c9a0afcd3f92169cf1fd5e9c0d2569efa20256233be17
          • Opcode Fuzzy Hash: 0b18fe5d1962163a009b95f1613e65aa92e52f83a093b9afe702af9de25c0795
          • Instruction Fuzzy Hash: 8AC04C28A990818B82449E8DA891472A6A85707208750B03BD702EB261DA64D415850D
          Function 00745FD6 Relevance: .0, Instructions: 11COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2145277271.0000000000701000.00000040.00000001.01000000.00000003.sdmp, Offset: 00700000, based on PE: true
          • Associated: 00000000.00000002.2145243825.0000000000700000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000760000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009CE000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009F7000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145481747.0000000000A0D000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2145916689.0000000000A0E000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146060361.0000000000BAB000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2146077328.0000000000BAC000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_700000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d3a8ace2c004fd39fedd129cdceb93888744899628fc33355d340ef7eee601e3
          • Instruction ID: c4c9687a85726251faf1582b3e35fca88b3b9ac1f088761a1cb0aaa33b2af273
          • Opcode Fuzzy Hash: d3a8ace2c004fd39fedd129cdceb93888744899628fc33355d340ef7eee601e3
          • Instruction Fuzzy Hash: BDC09B64F6820047B24CCF14DD51575F2B79B87555714F01DC80563265D178D511850C